New Doctrine of Information Security of the Russian Federation
Turn on the TV or go to the social network and see: the world is changing rapidly. In the political arena, new hostile forces unexpectedly appear, and long-standing partners become the main enemies. Moreover, both the first and the second are adopting not aircraft and tanks, but computer programs, information technologies and the Internet as the main weapon. Various tools are used - from conventional propaganda to applications that perform ballistic calculations for mortars. The defense industry is also not standing still: the notion of “cyber security” and companies working in this field have appeared. And both from the attack and defense.
From 2000 to the present day, the Information Security Doctrine of the Russian Federation has been in operation, designed to ensure the protection of national interests in the information sphere. But in 2016, a new document prepared by the Security Council of the Russian Federation will come into force. What is she talking about? Now tell.
')
The Kommersant publication got acquainted with the text of the doctrine and gave the following comments: the doctrine “is a strategic planning document in the field of ensuring the national security of the Russian Federation”.
It serves as the basis for:
As follows from the text of the doctrine itself, the country's cybersecurity is exposed to a multitude of threats, because the information space is increasingly used "for solving military-political tasks, as well as for terrorist and other illegal purposes."
The compilers of the doctrine distinguish five blocks of threats to the national security of the country. All of them we will not list, read later. But, for example, in the first block, the following threat is noted:
Yes ... state-owned enterprises and companies with state participation will have to take serious measures to protect their information bases and technologies from foreign intelligence and other external interference. After all, they are "the sphere of national interests."
The doctrine sets certain tasks for the leaders and responsible officials and suggests a list of measures.
Tasks:
Organizational measures:
Legal measures:
Thus, with the entry into force of the new doctrine, state and "near-state" enterprises will have to take even more significant measures to implement the national security policy in the information sphere.
Did you think that all this concerns only those who work with the state?
This is not true. Protection of national interests implies active state intervention in the activities of private companies operating on the Internet.
In anticipation of the introduction of the new doctrine, the Prosecutor General’s Office’s proposal to abandon the need for mandatory examination to block sites for extremist content was revealing. Such a proposal has already been published on the portal of draft regulatory legal acts.
This document states the following:
It turns out that the prosecutor of the subject of the Russian Federation with his signature can close any site containing, in the opinion of the prosecutor's office, signs of extremism, the concept of which can be summed up very much: from arguments on the topic “What do Ukrainians have there?” To quoting opposition media about ambiguous purchases for state or real estate officials.
It is not necessary to doubt that the state will oblige private business to comply with the new doctrine. Therefore, the above measures also apply to them. However, compliance with these measures will benefit the business itself, suffering from leakage of personnel and information.
But this is not all, there may be other consequences. It is no secret that now the flag of import substitution flies over everything that in one way or another concerns the state. For IT entrepreneurs, this means that not only the deployment of servers, but also the production of server equipment can be transferred to Russian land. Already, state contractors in the IT sphere are setting conditions for localization.
Recall the recent changes to the Law on Personal Data: when collecting personal data, including on the Internet, operators are obliged to record, systematize, store, clarify the personal data of our citizens using databases located in the Russian Federation.
It should be understood that the new doctrine itself is not a mandatory law. But on the basis of these essentially recommendations, the State Duma in the coming years will adopt a huge number of laws that will put a lot of new barriers to the IT business.
From 2000 to the present day, the Information Security Doctrine of the Russian Federation has been in operation, designed to ensure the protection of national interests in the information sphere. But in 2016, a new document prepared by the Security Council of the Russian Federation will come into force. What is she talking about? Now tell.
Image based on the movie "The Matrix" courtesy of mirgif.com
')
The Kommersant publication got acquainted with the text of the doctrine and gave the following comments: the doctrine “is a strategic planning document in the field of ensuring the national security of the Russian Federation”.
It serves as the basis for:
- development of measures for the development of the information security system of the Russian Federation;
- development and execution of government programs in this area;
- and also for the organization of cooperation of the Russian Federation with other states and international institutions.
As follows from the text of the doctrine itself, the country's cybersecurity is exposed to a multitude of threats, because the information space is increasingly used "for solving military-political tasks, as well as for terrorist and other illegal purposes."
The compilers of the doctrine distinguish five blocks of threats to the national security of the country. All of them we will not list, read later. But, for example, in the first block, the following threat is noted:
Foreign countries are building up the potential in the field of information and communication technologies to influence the critical information infrastructure of the Russian Federation and technical intelligence in relation to Russian government agencies, scientific organizations and enterprises of the military-industrial complex.
Yes ... state-owned enterprises and companies with state participation will have to take serious measures to protect their information bases and technologies from foreign intelligence and other external interference. After all, they are "the sphere of national interests."
The doctrine sets certain tasks for the leaders and responsible officials and suggests a list of measures.
Tasks:
- protection of information from access by unauthorized persons;
- protection of information from the destruction, modification, blocking, copying, provision, distribution, as well as from other illegal actions;
- observance of confidentiality of information and rules of limited access to it;
- reasonable and balanced approach to the implementation of the right of access to information.
Organizational measures:
- training of personnel and special methodological material on information security;
- investing money in the development and provision of information security;
- optimization of information resources and means of their protection;
- equipping with information storage and communication channels that meet safety requirements.
Legal measures:
- development of local regulations on confidentiality and information security;
- the establishment and application of appropriate measures of responsibility.
Thus, with the entry into force of the new doctrine, state and "near-state" enterprises will have to take even more significant measures to implement the national security policy in the information sphere.
Did you think that all this concerns only those who work with the state?
This is not true. Protection of national interests implies active state intervention in the activities of private companies operating on the Internet.
In anticipation of the introduction of the new doctrine, the Prosecutor General’s Office’s proposal to abandon the need for mandatory examination to block sites for extremist content was revealing. Such a proposal has already been published on the portal of draft regulatory legal acts.
This document states the following:
If informational materials with obvious signs of an extremist orientation have or can have a wide public response, there is an obvious need for prompt suppression of their dissemination, expert research is not required.
It turns out that the prosecutor of the subject of the Russian Federation with his signature can close any site containing, in the opinion of the prosecutor's office, signs of extremism, the concept of which can be summed up very much: from arguments on the topic “What do Ukrainians have there?” To quoting opposition media about ambiguous purchases for state or real estate officials.
It is not necessary to doubt that the state will oblige private business to comply with the new doctrine. Therefore, the above measures also apply to them. However, compliance with these measures will benefit the business itself, suffering from leakage of personnel and information.
But this is not all, there may be other consequences. It is no secret that now the flag of import substitution flies over everything that in one way or another concerns the state. For IT entrepreneurs, this means that not only the deployment of servers, but also the production of server equipment can be transferred to Russian land. Already, state contractors in the IT sphere are setting conditions for localization.
Recall the recent changes to the Law on Personal Data: when collecting personal data, including on the Internet, operators are obliged to record, systematize, store, clarify the personal data of our citizens using databases located in the Russian Federation.
It should be understood that the new doctrine itself is not a mandatory law. But on the basis of these essentially recommendations, the State Duma in the coming years will adopt a huge number of laws that will put a lot of new barriers to the IT business.
Source: https://habr.com/ru/post/297300/
All Articles