Doctrine of information security of the Russian Federation. V

Information Security Doctrine Russian Federation(project)

I. General provisions

1. This Doctrine of Information Security of the Russian Federation (hereinafter referred to as the Doctrine) is a system of official views on ensuring national security Russian Federation in information sphere.
In this Doctrine, the information sphere is understood as a set of information, objects of informatization, information systems and communication networks, information technologies, as well as entities whose activities are related to these technologies and ensuring information security, and mechanisms for regulating the social relations that arise in this case.
2. This Doctrine, based on an analysis of challenges and threats and an assessment of the state of information security of the Russian Federation, identifies the main directions for ensuring national interests in the information sphere from the perspective of implementing strategic national priorities.
3. Legal basis This Doctrine consists of the Constitution of the Russian Federation, generally recognized principles and norms international law and international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.
4. This Doctrine is a strategic planning document in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by Decree of the President of the Russian Federation of December 31, 2015 No. 683, and also takes into account the provisions of other strategic planning documents in the Russian Federation Federation in the field of national security.
5. This Doctrine serves as the basis for the formation of state policy in the field of ensuring information security of the Russian Federation, developing measures to improve the information security system of the Russian Federation, including the development of sectoral strategic planning documents of the Russian Federation in the information sphere or affecting this area, as well as for the development of public relations related to activities in the field of information security of the Russian Federation.
6. This Doctrine uses the following basic concepts:
a) the national interests of the Russian Federation (hereinafter referred to as national interests) in the information sphere - the totality of the state’s needs to ensure the security and sustainable development of the individual, society and the state as it relates to the information sphere;
b) information security of the Russian Federation - the state of protection of the individual, society and state from internal and external threats in the information sphere, which ensures the implementation of the constitutional rights and freedoms of citizens of the Russian Federation (hereinafter referred to as citizens), a decent quality and standard of living, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;
c) the information security system of the Russian Federation - a set of forces carrying out coordinated and planned activities to ensure the information security of the Russian Federation, and the means they use;
d) forces for ensuring information security of the Russian Federation - government bodies, divisions and officials (authorized) persons of state bodies and organizations of various forms of ownership, solving tasks in accordance with the legislation of the Russian Federation to ensure information security of the Russian Federation;
e) means of ensuring information security of the Russian Federation - organizational, technical, software, hardware and other means used by the forces ensuring information security of the Russian Federation;
f) information infrastructure of the Russian Federation - a set of informatization objects, information systems and communication networks located on the territory of the Russian Federation, territories under the jurisdiction of the Russian Federation or used on the basis of international treaties of the Russian Federation.

II. National interests in the information sphere

7. Information technologies have acquired a global cross-border nature and have become an integral part of all spheres of activity of the individual, society and state. Their effective use is a factor in accelerating the economic development of the state and the formation information society. The information sphere plays an important role in ensuring the implementation of the strategic national priorities of the Russian Federation.
8. National interests in the information sphere are:
a) compliance with the constitutional rights and freedoms of man and citizen in the field of obtaining and using information, including privacy when using information technology, information support for the participation of citizens in government, the political life of society, as well as the preservation of cultural, historical and spiritual-moral values ​​of a multinational the people of the Russian Federation;
b) ensuring the stable and uninterrupted functioning of the information infrastructure of the Russian Federation, including the critical information infrastructure of the Russian Federation and the unified telecommunications network of the Russian Federation, in peacetime, during the period of immediate threat of aggression and in wartime;
c) development of the information technology industry in the Russian Federation, as well as improvement of the activities of industrial, scientific and scientific-technical organizations in the development, production and operation of information security means, provision of services in the field of information security;
d) communicating to the Russian and international public and explaining objective and reliable information about the state policy of the Russian Federation and the official position of its top political leadership on socially significant events in the country and the world, promoting the dissemination of the spiritual and cultural values ​​of the peoples of Russia around the world;
e) promoting the formation of an international legal regime aimed at countering the threats of the use of information technologies to disrupt strategic stability, strengthening equal strategic partnerships in the field of information security, as well as ensuring the sovereignty of the Russian Federation in information space.
9. The implementation of national interests in the information sphere is aimed at the formation safe environment circulation of reliable information in the interests of ensuring the constitutional rights and freedoms of citizens, sustainable socio-economic development of the country, as well as national security.

III. Main threats and current state information security of the Russian Federation

10. The expansion of the areas of use of information technologies, while being a positive factor for economic development and improving the functioning of public and state institutions, at the same time gives rise to new challenges and threats to national security. This is due to the growing tendency to use the possibilities of cross-border information circulation in the information space to achieve geopolitical, military-political and other goals to the detriment of international security and strategic stability, as well as the use of information technologies for terrorist, criminal and other illegal purposes.
11. One of the main negative factors affecting the state of information security of the Russian Federation is the increase in the capabilities of leading foreign countries to exert information and technical influence on the information infrastructure of the Russian Federation, including critical information infrastructure, in order to achieve their military goals. At the same time, technical intelligence is being intensified in relation to Russian government agencies, scientific organizations and enterprises of the military-industrial complex.
12. The scope of the use by special services of individual states of information and psychological influences aimed at destabilizing the internal political and social situation in various regions of the world, leading to the undermining of sovereignty and violation of the territorial integrity of other states, is expanding.
This activity involves religious, ethnic, human rights and other organizations, including public ones, and structures, as well as individual groups of citizens. At the same time, the capabilities of information technology are widely used.
There is a tendency to increase the volume of materials in foreign media containing a biased and biased assessment of the foreign and domestic policies of the Russian Federation. Russian media are often subjected to outright discrimination abroad, and obstacles are created for Russian journalists to carry out their professional activity. The information impact on the population of Russia, primarily on young people, is increasing with the aim of eroding cultural and spiritual values, undermining the moral foundations, historical foundations and patriotic traditions of its multinational people.
13. Various terrorist and extremist organizations widely use mechanisms of information influence on individual, group and public consciousness in order to escalate interethnic and social tension, incite ethnic and religious hatred or enmity, promote extremist ideology, as well as attract new supporters to terrorist activities. To achieve their illegal goals, terrorist and extremist organizations are developing new technologies for destructive influence on critical information infrastructure objects.
14. The scale of computer crime is increasing, primarily in the monetary, foreign exchange, banking and other areas of the financial market, and the number of incidents related to the violation of the legal rights of citizens to protect personal and family secrets, personal data when using information systems and communication networks is increasing. . Methods, ways and means of committing crimes using information technologies are becoming more and more sophisticated.
The increase in threats to information security occurs against the backdrop of the continuing practice of introducing information technologies without linking them with ensuring information security.
15. The state of information security of the Russian Federation in the field of national defense is characterized by an increase in the use of information technologies by foreign states and non-state entities for military-political purposes to carry out actions aimed at undermining the sovereignty, political independence of states and posing a threat to global and regional security.
16. The state of information security of the Russian Federation in the field of state and public safety characterized by a constant increase in the level of complexity, scale and coordination computer attacks on the critical information infrastructure of the Russian Federation and intelligence activities of foreign states against the Russian Federation, as well as the growing threats of using information technologies to damage the sovereignty and territorial integrity of the Russian Federation, political and social stability in society.
17. The state of information security of the Russian Federation in the economic field is characterized by the Russian Federation lagging behind leading foreign countries in the development of competitive information technologies, including supercomputers, and their use to create products and provide services based on them. Remains high level dependence of the domestic economy and industry on foreign information technologies (electronic component base, software, Computer Engineering and means of communication). This state of affairs determines the dependence of the socio-economic development of the Russian Federation on the export policies of foreign countries, pursued by them in order to realize their geopolitical interests.
18. The state of information security of the Russian Federation in the field of science, technology and education is characterized by insufficient effectiveness of scientific research related to the creation of promising information technologies, low level implementation of domestic developments, as well as insufficient staffing in the field of information security.
Measures to ensure the integrity, stability of operation and security of the information infrastructure of the Russian Federation using domestic information technologies and products often do not have a comprehensive basis.
19. The state of information security of the Russian Federation in the field of strategic stability and equal strategic partnership is characterized by the desire of individual states to use technological superiority to dominate the information space. The current distribution of critical Internet resources between countries does not allow for fair shared management them on the principles of interstate trust.
The lack of norms for regulating interstate relations in the information space and corresponding international legal mechanisms that take into account the specifics of information technologies makes it difficult to form an international information security system designed to promote strategic stability and promote equal strategic partnerships.

IV. Main directions of ensuring information security of the Russian Federation

20. The activities of government bodies in the field of ensuring information security of the Russian Federation are based on the following principles:
legality and legal equality of all participants in public relations in the information sphere, based on the constitutional right of citizens to freely search, receive, transmit, produce and disseminate information in any legal way;
maintaining a balance between the need of citizens and society for the free exchange of information and the necessary restrictions on the dissemination of information in order to ensure national security, including in the information sphere;
sufficiency of forces and means to ensure information security of the Russian Federation, determined, among other things, by constant monitoring threats in the information sphere;
compliance with generally accepted principles and norms of international law when carrying out activities to ensure information security of the Russian Federation, taking into account the restrictions established by the legislation of the Russian Federation.
21. The strategic goals of ensuring the information security of the Russian Federation in the field of national defense are the creation of conditions for the peaceful development of the information space and the realization of national interests in the information sphere.
In accordance with the military policy of the Russian Federation, ensuring information security in the field of national defense, as well as the interests of the allies of the Russian Federation, is aimed at:
on strategic containment and prevention of military conflicts that may arise as a result of the aggressive use of information technologies;
to improve the information security system of the Armed Forces of the Russian Federation, other troops, military formations and bodies, including the development of forces and means of information warfare;
to identify, assess and forecast threats to the Russian Federation and its Armed Forces in the information sphere;
to counter information influence on Russian citizens, including those aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.
22. The strategic goals of ensuring information security of the Russian Federation in the field of state and public security are strengthening state sovereignty, maintaining political and social stability in society, realizing fundamental rights and freedoms of man and citizen, as well as protecting the critical information infrastructure of the Russian Federation.
Ensuring information security of the Russian Federation in the field of state and public security is aimed at:
to counter the use of information technologies to promote the ideology of terrorism and the spread of ideas of extremism, xenophobia, national exclusivity in order to undermine socio-political stability, forcibly change the foundations of the constitutional system of the Russian Federation, violate its unity and territorial integrity;
to counter intelligence and other activities of special services and organizations of foreign states using technical means and information technologies, as well as individuals, aimed at harming the national security of the Russian Federation;
to increase the security of the critical information infrastructure of the Russian Federation and the sustainability of its functioning, including the development of mechanisms for preventing and detecting threats to information security and eliminating the consequences of their implementation, including protecting the population and territories from emergency situations caused by information and technical impacts on critical infrastructure facilities of the Russian Federation;
to improve the security of the functioning of the information infrastructure of the Russian Federation, including for the sustainable interaction of government authorities, preventing foreign control over its functioning, including ensuring the integrity, stability of operation and security unified network telecommunications of the Russian Federation, as well as ensuring the security of information transmitted through it and processed in information systems on the territory of the Russian Federation;
to improve the safety of operation of weapons, military and special equipment and automated systems management;
to increase the effectiveness of preventing and combating crimes committed using information technologies;
to ensure the protection of information containing information constituting state secrets, other restricted access information, including by increasing the security of the information technologies used;
to improve approaches, methods and methods for the safe use of products and services created on the basis of information technology;
to increase the efficiency of information support for state policy of the Russian Federation;
to neutralize information influences aimed at eroding traditional Russian spiritual and moral values.
23. The strategic goal of ensuring the information security of the Russian Federation in the economic field is to reduce to the minimum possible level the influence on the state of national security of the Russian Federation of negative factors caused by the insufficient development of domestic sectors of information technology and the electronics industry.
Ensuring information security of the Russian Federation in the economic field is aimed at:
to create an innovative information technology and electronics industry that makes a significant contribution to the formation of the country’s gross domestic product;
to achieve the technological independence of the Russian Federation in the field of information technology through the creation, development and widespread implementation of world-class domestic information technologies and information security tools, as well as products and services based on them;
to increase competitiveness Russian companies the information technology industry, including through the creation of favorable conditions for carrying out activities in the Russian Federation;
for the development of domestic competitive electronic component base and technologies for its production, meeting the needs of the domestic market for such products and the entry of these products into the world market.
24. The strategic goal of ensuring the information security of the Russian Federation in the field of science, technology and education is to support the innovative and accelerated development of the information security system of the Russian Federation and the information technology industry.
Ensuring information security of the Russian Federation in the field of science, technology and education is aimed at:
to achieve competitive advantages the Russian information technology industry and the development of scientific and technical potential in the field of ensuring information security of the Russian Federation;
to create information technologies that are fundamentally resistant to various types impacts;
to conduct scientific research and experimental developments in the field of advanced information technologies and information security means;
to increase human resources in the field of information security, as well as information technology;
to create conditions to ensure the protection of citizens from threats of various types when using information technologies, including through the formation of a culture of personal information security.
25. The strategic goal of ensuring information security in the field of strategic stability and equal strategic partnership is the formation of a sustainable system of non-conflict interstate relations in the information space.
Ensuring information security of the Russian Federation in the field of strategic stability and equal strategic partnership is aimed at:
to maintain the sovereignty of the Russian Federation in the information space by implementing an independent and independent policy in order to protect national interests in the information sphere;
to promote the formation of an international information security system that ensures effective counteraction to the use of information technologies for aggressive, terrorist, extremist and criminal purposes;
to create international legal mechanisms that take into account the specifics of information technologies in order to prevent and resolve interstate conflicts in the information space;
on the development of a national management system for the Russian segment of the Internet with the leading role of states in this process.

V. Organizational basis for ensuring information security of the Russian Federation

26. The information security system of the Russian Federation is integral part national security systems.
Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of activity of government bodies of the Russian Federation in interaction with local governments, organizations of various forms of ownership, public organizations and citizens.
27. The information security system of the Russian Federation is built on the basis of the delimitation of powers of legislative, executive and judicial authorities in this area, taking into account the jurisdiction of federal government bodies, government bodies of constituent entities of the Russian Federation, as well as local government bodies, determined by the legislation of the Russian Federation in security areas.
28. The structure of the information security system of the Russian Federation is determined by the President of the Russian Federation.
29. The main subjects of the organizational basis of the information security system of the Russian Federation are: the Federation Council of the Federal Assembly of the Russian Federation, the State Duma of the Federal Assembly of the Russian Federation, the Government of the Russian Federation, the Security Council of the Russian Federation, federal executive authorities, the Bank of Russia, the Military-Industrial Commission of the Russian Federation , interdepartmental and state commissions created by the President of the Russian Federation and the Government of the Russian Federation, executive authorities of the constituent entities of the Russian Federation, local government bodies, judicial authorities taking part in solving the problems of ensuring information security of the Russian Federation in accordance with the legislation of the Russian Federation.
Participants in the information security system of the Russian Federation are the owners of critical information infrastructure facilities of the Russian Federation and organizations of various forms of ownership that operate these elements; media and mass communication; organization of monetary, foreign exchange, banking sector and other areas of the financial market; telecom operators; information system operators; organizations engaged in the development, production and operation of information security tools, as well as the provision of services in the field of information security; organizations carrying out educational activities in this area; information holders; public associations; other organizations and citizens who, in accordance with the legislation of the Russian Federation, participate in solving problems of ensuring information security of the Russian Federation.
30. As part of ensuring the functioning of the information security system of the Russian Federation, government authorities solve the following tasks:
ensuring the implementation of the rights of citizens and organizations to lawful activities in the information sphere;
monitoring and assessing the state of information security of the Russian Federation, forecasting and identifying threats to information security, identifying priority areas for preventing and neutralizing these threats;
planning, carrying out and assessing the effectiveness of a set of measures aimed at detecting, preventing and promptly eliminating the consequences of the implementation of threats to the information security of the Russian Federation;
organization of activities and coordination of interaction between forces ensuring information security of the Russian Federation;
improvement of regulatory, organizational, technical, operational-search, intelligence, counterintelligence, scientific and technical, information and analytical, personnel and resource support for information security of the Russian Federation;
development and implementation of measures of state support for organizations engaged in the development, production and operation of information security means, provision of services in the field of information security, as well as organizations engaged in educational activities in this area.
31. The development and improvement of the information security system of the Russian Federation is achieved by:
strengthening the vertical and centralizing management of the information security forces of the Russian Federation at the federal, interregional, regional, municipal and facility levels (informatization objects, operators of information systems and communication networks);
improving the forms and methods of interaction between the information security forces of the Russian Federation in order to increase their readiness to counter threats in the information sphere;
improving information, analytical and scientific and technical support functioning of the information security system of the Russian Federation;
increasing the efficiency of interaction between government agencies, local government bodies, organizations of various forms of ownership and citizens when solving problems in the field of information security of the Russian Federation.
32. The implementation of this Doctrine is carried out on the basis of sectoral strategic planning documents of the Russian Federation. In order to update sectoral strategic planning documents, the Security Council of the Russian Federation determines a list of priority areas for ensuring information security of the Russian Federation in the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.
33. Control over the implementation of this Doctrine is carried out by the Security Council of the Russian Federation in accordance with its regulations.
34. The results of monitoring the implementation of this Doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.

PS. Regarding the questions about the already adopted package of Yarovaya laws, in general content and direction it is largely reminiscent of the so-punished “Patriot Act”, which was adopted in the USA after September 11, 2001 with approximately the same justification and which lasted in the USA for 14 years , until it was replaced by the Freedom Act, which somewhat limited the powers of the intelligence services compared to the Patriot Act. I believe that in our case, terrorism is only a pretext for a general expansion of the powers and capabilities of the intelligence services. As I have written more than once, the ongoing Cold War will continue to be accompanied by tightening the screws in the information environment, where Russia will focus on Chinese model control over information. The published draft doctrine as a whole is also in line with this trend, although it may undergo some changes.

The Doctrine of Information Security of the Russian Federation (Doctrine) was approved by Decree No. 1895 of the President of the Russian Federation of September 9, 2000. The Doctrine is a set of official views on the goals, objectives, principles and main directions of ensuring information security and serves as the basis for:

Formation of state policy in the field of ensuring information security of the Russian Federation;

Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support for information security of the Russian Federation;

Development of targeted programs to ensure information security of the Russian Federation.

1. Information security of the Russian Federation (types and sources of threats to information security of the Russian Federation, the state of information security of the Russian Federation and the main tasks to ensure it);

2. Methods of ensuring information security of the Russian Federation (features of providing information security of the Russian Federation in various spheres of public life, international cooperation in the field of providing information security);

3. Basic provisions of the state policy for ensuring information security of the Russian Federation (priority measures for the implementation of the state security policy in the Russian Federation);

4. Organizational basis for RF IS support systems (main functions of RF IS support systems. main elements of the organizational basis for RF IS support systems).

7. Law “On State Secrets”

The laws that allow information to be classified as secrets are based on the principles of information sovereignty and international rules. Regulation of relations arising in connection with the classification of information as state secrets, their classification and declassification in the interests of ensuring the security of the Russian Federation is carried out in accordance with the Law “On State Secrets”.

7.1. Basic Concepts

State secret - protected state information in the field of military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.

Carriers of information constituting state secrets , - material objects, including physical fields, in which information constituting state secrets is reflected in the form of symbols, images, signals, technical solutions and processes.

Classified as classified - details indicating the degree of secrecy of the information contained in their medium, affixed on the medium itself and (or) in the accompanying documentation for it.

Level of secrecy - a category characterizing the importance of such information, possible damage if it is disclosed, the degree of restriction of access to it and the level of its protection by the state.

7.2. List of information constituting state secrets

State secrets are:

I. Information in the military field:

On the content of strategic and operational plans and other combat control documents; on the preparation and conduct of military operations, strategic and mobilization deployment of troops and their most important indicators characterizing the organization, strength, deployment, combat and mobilization readiness, combat and other military training, weapons and logistics of the Armed Forces. border troops and other military formations;

On the direction of development of certain types of weapons and military equipment, their quantity, tactical and technical characteristics, organization and production technology, research and development work related to the development of new types of weapons and military equipment, modernization of existing models, as well as others works planned or carried out in the interests of the country;

On the forces and means of Civil Defense, on the readiness of populated areas, regions and individual objects for the protection, evacuation and dispersal of the population, to ensure their livelihoods and the production activities of national economic facilities in wartime or in other emergency situations;

On geodetic, gravimetric, cartographic, hydrographic and hydrometeorological data and characteristics important for the defense of the country.

After a short wait, the Draft Information Security Doctrine of the Russian Federation appeared on the Internet. The document is very high-level, defining only the general goals and directions for the development of the information security system. Because of this, the document does not contain any specific descriptions of procedures, products, instructions, etc. Nevertheless, the document is very interesting. It is interesting primarily because of how the state sees information security and how it sees the role of citizens in information security.

Let’s leave aside the political component of this document (one way or another, each state has its own interests and naturally each state wants to defend them) and look at it solely from the point of view of ensuring information security.

The curious begins already in the section of terms and definitions. Let's say that there are national interests?

That is, national interests are primarily the interests of the state, and not the interests of society as a whole or individual citizens. True, the very next paragraph brings the interests of society and the state at the same level:

That is, each of the three parties must sacrifice something for security reasons. In general, the situation does not raise any questions - we all live in society and must take into account the interests of other persons. But who determines who should sacrifice what? Moreover, the document contains one more point:

That is, infringement of the rights and freedoms of citizens is unacceptable. It turns out that the state must sacrifice its interests? The question is extremely interesting, but is not addressed in the document - although at the end of the document it states that:

In this regard, it is extremely interesting - should such a large-scale program pass through the legislative bodies?
But let's go back to the beginning of the document - to the definitions section:

Again there is a bias towards measures from the state, while without the support of society (education computer literacy for example) ensuring such large-scale measures is hardly feasible.

It’s strange, but in the above definition, the number of resources to be protected does not include resources hosted on foreign servers. Even if a company stores its data on servers in Russia, it is often necessary to store and process data on servers located around the world. Does the state refuse to protect the interests of companies or do security requirements not apply to foreign servers?

Unfortunately, most of the points in the project are devoted to strengthening the vertical power structure and improving the perfection of the administrative mechanism. To avoid creating an incorrect impression - in fact, this is also a necessary thing - let us at least remember the quality of development of laws in the field of information security, the level of tenders, etc. There is a lot of improvement needed in this area. And this is also discussed in the document:

What does the document say about the role of individual citizens in improving information security?

Again, mainly measures from the state - about increasing the relevance of knowledge through interaction with companies various types, involving institutions in the process of releasing new products, developing new technologies - not a word

And the development of personality is again assumed through administrative measures - legal regulation and the development of legal consciousness at one point.

The document also mentions the fashionable topic of public-private partnerships:

But you won’t be able to get away from certification

If we draw conclusions, the document is not bad, but I would really like to correct its bias towards strengthening interaction between the state and society - for example, in developing the same concept of security - because it will concern us all.

Information Security Doctrine

Russian Federation

The information security doctrine of the Russian Federation is a set of official views on the goals, objectives, principles and main directions of ensuring information security of the Russian Federation.

This Doctrine provides the basis for:

formation of state policy in the field of ensuring information security of the Russian Federation;

preparation of proposals to improve legal, methodological, scientific, technical and organizational support information security of the Russian Federation;

development of targeted programs for ensuring information security of the Russian Federation.

This Doctrine develops the Concept of National Security of the Russian Federation in relation to the information sphere.

I. Information security of the Russian Federation

1. National interests of the Russian Federation in the information sphere and their provision

The current stage of development of society is characterized by the increasing role of the information sphere, which is a set of information, information infrastructure, entities collecting, generating, distributing and using information, as well as a system for regulating the social relations that arise in this case. The information sphere, being a system-forming factor in the life of society, actively influences the state of the political, economic, defense and other components of the security of the Russian Federation. The national security of the Russian Federation significantly depends on ensuring information security, and with technological progress this dependence will increase.

Information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, determined by the totality of balanced interests of the individual, society and the state.

2. Types of threats to information security of the Russian Federation

Based on their general focus, threats to the information security of the Russian Federation are divided into the following types:

threats to the constitutional rights and freedoms of man and citizen in the field of spiritual life and information activities, individual, group and social consciousness, spiritual revival of Russia;

threats information support state policy of the Russian Federation;

threats to the development of the domestic information industry, including the industry of information technology, telecommunications and communications, meeting the needs of the domestic market for its products and the entry of these products into the world market, as well as ensuring the accumulation, safety and effective use domestic information resources;

threats to the security of information and telecommunications facilities and systems, both already deployed and those being created in Russia.

3. Sources of threats to information security of the Russian Federation

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;

the desire of a number of countries to dominate and infringe on Russia’s interests in the global information space, to oust it from the external and internal information markets;

intensifying international competition for possession information technology and resources;

activities of international terrorist organizations;

increasing the technological gap of the world's leading powers and increasing their capabilities to counter the creation of competitive Russian information technologies;

activities of space, air, sea and ground technical and other means (types) of intelligence of foreign states;

development by a number of states of information warfare concepts that provide for the creation of means of dangerous influence on the information spheres of other countries of the world, violation normal functioning information and telecommunication systems, safety of information resources, obtaining unauthorized access to them.

Internal sources include:

critical state of domestic industries;

unfavorable crime situation, accompanied by trends in the merging of government and criminal structures in the information sphere, criminal structures gaining access to confidential information, increasing the influence of organized crime on the life of society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;

insufficient coordination of the activities of federal government bodies, government bodies of constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;

insufficient development of the regulatory legal framework regulating relations in the information sphere, as well as insufficient law enforcement practice;

underdevelopment of civil society institutions and insufficient government control over the development of the Russian information market;

insufficient funding for measures to ensure information security of the Russian Federation;

insufficient economic power of the state;

decreased efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;

insufficient activity of federal government bodies, government bodies of constituent entities of the Russian Federation in informing the public about their activities, in explaining decisions made, in creating open government resources and developing a system for citizens to access them;

Russia's lag behind the leading countries of the world in terms of the level of informatization of federal government bodies, government bodies of constituent entities of the Russian Federation and local governments, credit and financial spheres, industry, agriculture, education, healthcare, services and everyday life of citizens.

4. The state of information security of the Russian Federation and the main tasks to ensure it

In recent years, the Russian Federation has implemented a set of measures to improve its information security.

The formation of a legal framework for information security has begun. The Law of the Russian Federation "On State Secrets", the Fundamentals of the Legislation of the Russian Federation on the Archive Fund of the Russian Federation and Archives, the Federal Laws "On Information, Informatization and Information Protection", "On Participation in International Information Exchange", a number of other laws, work has been launched to create mechanisms for their implementation, prepare bills regulating public relations in the information sphere.

II. Methods for ensuring information security of the Russian Federation

5. General methods of ensuring information security of the Russian Federation

General methods of ensuring information security in the Russian Federation are divided into legal, organizational, technical and economic.

Legal methods of ensuring information security of the Russian Federation include the development of normative legal acts regulating relations in the information sphere, and normative methodological documents on issues of ensuring information security of the Russian Federation. The most important areas of this activity are:

introducing amendments and additions to the legislation of the Russian Federation regulating relations in the field of ensuring information security, in order to create and improve the system for ensuring information security of the Russian Federation, eliminating internal contradictions in federal legislation, contradictions related to international agreements to which the Russian Federation has joined, and contradictions between federal legislative acts and legislative acts of constituent entities of the Russian Federation, as well as for the purpose of specifying legal norms establishing liability for offenses in the field of ensuring information security of the Russian Federation;

legislative delimitation of powers in the field of ensuring information security of the Russian Federation between federal government bodies and government bodies of the constituent entities of the Russian Federation, determination of goals, objectives and mechanisms for the participation of public associations, organizations and citizens in this activity;

development and adoption of regulatory legal acts of the Russian Federation establishing the responsibility of legal and individuals for unauthorized access to information, its illegal copying, distortion and illegal use, deliberate dissemination of false information, illegal disclosure of confidential information, use of official information or information containing a trade secret for criminal and mercenary purposes;

clarification of the status of foreign news agencies, media and journalists, as well as investors when attracting foreign investment for the development of the information infrastructure of Russia.

6. Features of ensuring information security of the Russian Federation in various spheres of public life

Information security of the Russian Federation is one of the components of the national security of the Russian Federation and affects the protection of the national interests of the Russian Federation in various spheres of life of society and the state. Threats to the information security of the Russian Federation and methods for ensuring it are common to these areas.

Each of them has its own information security features related to the specifics of security objects and the degree of their vulnerability to threats to the information security of the Russian Federation. In every sphere of life of society and the state, along with general methods of ensuring information security of the Russian Federation, private methods and forms can be used, determined by the specific factors influencing the state of information security of the Russian Federation.

It is written in complex language, and rare readers even reach the middle of this not very large document. To simplify working with it, I decided to make a brief retelling (review) of the main provisions. I'm publishing!

Information Security Doctrine is a system of official views on ensuring the national security of the Russian Federation in the information sphere.

The document defines the following national interests in the information sphere (essentially they have not changed since 2000):

1. Ensuring and protecting the rights and freedoms of citizens in terms of obtaining and using information, privacy, as well as the preservation of spiritual and moral values.
2. Uninterrupted functioning of critical information infrastructure (CII).
3. Development of the IT and electronics industry in Russia.
4. Bringing reliable information about the state policy of the Russian Federation to the Russian and international public.
5. Promoting international information security.

Doctrine is necessary for formation of public policy And developing measures to improve the information security system.

Information Security(IS) is a state of protection of the individual, society and state from internal and external information threats. Moreover, the new edition of the document also states that constitutional rights and freedoms, a decent quality and standard of living for citizens, the sovereignty and territorial integrity of the Russian Federation, and its sustainable socio-economic development must be ensured. as well as state security. It’s not “security for security’s sake,” but even some kind of balance is achieved: citizens’ rights, economics, security.

The document was created on the basis of threat analysis and assessment of the state of information security of the Russian Federation and develops the provisions of the National Security Strategy of the Russian Federation (dated December 31, 2015 No. 683).

Threat to information security of the Russian Federation(information threat) - a set of actions and factors that create a danger of causing damage to national interests in the information sphere.

The Doctrine defines the following main threats and characteristics IS status(I quote them briefly):

• Foreign countries are increasing their ability to influence IT infrastructure for military purposes.
• The activities of organizations carrying out technical intelligence in relation to Russian organizations are intensifying.
• Implementing IT without linking it with information security increases the likelihood of threats.
• Special services use methods of information and psychological influence on citizens.
• More and more foreign media are reporting biased information.
• Russian media are subject to discrimination abroad.
• External information influence is eroding traditional Russian spiritual and moral values ​​(especially among young people).
• Terrorist and extremist organizations widely use mechanisms of information influence.
• The scale of computer crime is increasing, primarily in the credit and financial sphere
• Methods, methods and means of committing computer crimes are becoming more and more sophisticated.
• The complexity and number of coordinated computer attacks on CII facilities are increasing.
• The level of dependence of domestic industry on foreign IT remains high.
• Russian scientific research in the field of IT is not effective enough, and there is a shortage of personnel.
• Russian citizens have low awareness of personal information security issues.
• Individual states are seeking to use technological superiority to dominate the information space. Including on the Internet.

The document contains the following information security areas and basic directions according to them:

1. National defense:
a) strategic deterrence and prevention of military conflicts;
b) improving the information security system of the RF Armed Forces;
c) forecasting and assessment of information threats;
d) assistance in ensuring the protection of the interests of the allies of the Russian Federation;
e) neutralization of information and psychological impact.

2. State and public security:
a) countering the use of IT for propaganda;
b) countering intelligence services using IT;
c,d) increasing the security of CII;
e) increasing the operational safety of weapons, military and special equipment and automated control systems;
f) combating crimes in the IT sector;
g) protection of state secrets and other types of secrets;
h) development of domestic IT;
And) Information support state policy of the Federal Republic;
j) neutralization of information and psychological impact.

3. Economic sphere:
a-d) development and support of domestic IT.

4. Science, technology and education:
a-c) development of science;
d) development of human resources;
e) creating a personal information security culture.

5. Stability and equal strategic partnership
a) protection of the sovereignty of the Russian Federation in the information space;
b-d) participation in the formation of an international information security system;
e) development of a national management system for the Russian segment of the Internet.