Tags

Information security doctrine of the Russian Federation – 6 December 2016

BY LOEL HARDING

 DECREE

                  THE PRESIDENT OF THE RUSSIAN FEDERATION


        On approval of the Doctrine of Information Security
                        of the Russian Federation

     In order to ensure the information security of the Russian
Federation of n s t a n o I hereby:
     1. To approve the Information Security Doctrine
Russian Federation.
     2. To recognize as invalid the Doctrine of Information
security of the Russian Federation, approved by the President
Russian Federation September 9, 2000 № Pr-1895 .
     3. This Decree shall enter into force on the day of its signing.


     Russian President Vladimir Putin

     Kremlin, Moscow,
      December 5, 2016
      № 646
      ___________________


                                                 APPROVED
                                              by the Decree of the President
                                             of the Russian Federation
                                          from December 5, 2016 № 646


                             Doctrine
          of the Russian Federation Information Security

                        I. General Provisions

     1. This doctrine is a system of official
views on the national security of the Russian
Federation in the information sphere.
     In this doctrine under the information sphere is understood
collection of information, facilities information, information
systems and websites in the information and telecommunication network "Internet"
(Hereinafter - the "Internet" network), communications networks, information technology,
entities, which activity is connected with the formation and
information processing, development and use of these
technology, information security, as well as
the totality of the relevant public regulation mechanisms
relationship.
     2. In this doctrine, the following basic
concepts:
     a) of the Russian Federation's national interests in the information
field (hereinafter - the national interests in the information sphere) -
objectively significant needs of the individual, society and state in
ensuring their security and sustainable development in part,
concerning the information sphere;
     b) the threat of information security of the Russian Federation
(Hereinafter - the threat of information) - a set of actions and factors,
creating a danger of damage to national interests
the information sphere;
     c) information security of the Russian Federation (hereinafter -
information security) - the state of security of the person,
society and the state from internal and external information
threats, which provide realization of constitutional rights and
freedoms of man and citizen, decent quality and standard of living
citizens, sovereignty, territorial integrity and sustainable
socio-economic development of the Russian Federation, and the defense
State security;
     g) information security - Implementation
interrelated legal, organizational, operational-search,
intelligence, counter-intelligence, science and technology,
information analysis, human, economic and other measures to
predict, detect, deter, prevent,
repel information threats and eliminate the consequences of their
displays;
     d) power of information security -
government bodies, as well as offices and officials
public bodies, local authorities and
organizations authorized to decide in accordance with
the legislation of the Russian Federation to ensure that problems
information security;
     e) the means of information security -
legal, organizational, technical and other means,
Force used information security;
     g) the system of information security -
a set of information security force
implementing a coordinated and planned activities, and
they use means of information security;
     h) the information infrastructure of the Russian Federation (hereinafter -
Information Infrastructure) - a collection of objects
information, information systems and websites in the network "Internet" and
networks situated in the territory of the Russian Federation, and
also in the territories under the jurisdiction of the Russian
Federation or used on the basis of international treaties
Russian Federation.
     3. This doctrine, based on the analysis of the main
Information threats and evaluate information security status
identified strategic objectives and main directions of maintenance
information security, taking into account strategic national
Russian priorities.
     4. The legal basis for the Doctrine is the Constitution
The Russian Federation, generally recognized principles and norms
international law, international treaties of the Russian Federation,
federal constitutional laws, federal laws, as well as
normative legal acts of the Russian Federation President and
Russian Federation.
     5. This doctrine is a document of strategic
in national security planning
The Russian Federation, in which the provisions of the Strategy are developed
the national security of the Russian Federation, approved by Decree
President of Russian Federation   on December 31, 2015 number 683 , and
and other strategic planning documents in this
area.
     6. This doctrine is the basis for the formation of
public policy and development of public relations in
information security, as well as for
develop measures to improve the security system
information security.

         II. National interests in the information sphere

     7. Information technologies have become global
cross-border nature and become an integral part of all spheres
the activities of the individual, society and state. Their effective
application is a factor in accelerating economic development
the state and development of the information society.
     Information sphere plays an important role in ensuring
implementation of strategic national priorities of the Russian
Federation.
     8. The national interests in the information sphere are:
      a) the promotion and protection of the constitutional rights and freedoms
and citizens in respect of the preparation and use
information privacy when using
information technology, provision of information support
democratic institutions, the mechanisms of interaction of the state and
civil society, as well as the application of information technology
in the preservation of the cultural, historical and
spiritual and moral values of the Russian multinational people
Federation;
     b) ensuring sustainable and uninterrupted functioning
information infrastructure, primarily the critical
National information infrastructure (hereinafter -
Critical Information Infrastructure) and a single network
Telecommunications of the Russian Federation, in peacetime, in the period
direct threat of aggression, and in wartime;
     c) development of the Russian Federation in the field of information
technology and electronics industries, as well as improving
production activities, scientific and technical
organizations in the design, manufacture and operation of funds
information security, providing services in the field of
information security;
     g) To bring to the Russian and international public
reliable information on the state policy of the Russian
Federation and its official position on socially significant events in
country and the world, the use of information technology for
ensuring Russia's national security in
the field of culture;
     d) fostering international system
information security aimed at combating
threats of the use of information technologies for violations
strategic stability, strengthening equal
strategic partnership in the field of information security,
and to protect the sovereignty of the Russian Federation in
information space.
     9. Implementation of national interests in the information sphere
aimed at forming safe environment turnover reliable
information and various kinds resistant to impact
information infrastructure in order to provide constitutional
the rights and freedoms of man and citizen, stable
socio-economic development of the country, as well as national
security of the Russian Federation.

                III. Basic information of threat
               and the status of information security

     10. Extension of the scope of information technology,
It is the factor of economic development and improvement of
the functioning of public and state institutions,
at the same time it generates new information threats.
     The possibilities of cross-border circulation of information is increasingly
used to achieve geopolitical contrary
international law, military and political, as well as terrorist,
extremist, criminal and other illegal purposes to the detriment of
international security and strategic stability.
     This practice is the introduction of information technology without
linking with information security essentially
It increases the probability of information threats.
     11. One of the main negative factors affecting the
the state of information security is to build next
foreign information technology capacity
the impact on the IT infrastructure for military purposes.
     At the same time it enhanced the activity of organizations,
conducting technical intelligence in relation to Russian
government agencies, research organizations and enterprises
the military-industrial complex.
     12. Expanding the scale of the use of special services
individual states providing funds
information and psychological warfare, aimed at
destabilization of the political and social situation in various
regions of the world and leads to the undermining of the sovereignty and violation
territorial integrity of other states. In this activity
involved religious, ethnic, and other human rights
organizations as well as individual groups of citizens, with widely
use the potential of information technology.
     There is a trend to an increase in foreign funds
media volume containing materials biased assessment
Russia's state policy.
     Russian media are often subject to
abroad blatant discrimination, Russian journalists
create obstacles to the exercise of their professional
activity.
     Stepping up information on the impact of the population of Russia,
primarily at young people, in order to blur the traditional
Russian spiritual and moral values.
     13. Various terrorist and extremist organizations
widely used mechanisms of information influence on
individual, group and social consciousness in order to
Discharge of ethnic and social tensions, incitement
ethnic and religious hatred or enmity, propaganda
extremist ideologies, as well as engaging in terrorism
activities of new supporters. These organizations
illegal purposes are actively destructive means
the impact on objects of critical information infrastructure.
     14. The scope of computer crime are increasing, especially
only credit and financial sphere, the number of
crimes related to violation of the constitutional rights and freedoms
human and civil rights, including as regards
privacy, personal and family secrets, while
Information processing using personal data
technologies. In this method, the methods and means of committing such
crimes are becoming more sophisticated.
     15. Status information security defense
the country is characterized by an increase in the scope of application of the individual
States and organizations in the information technology
military-political purposes, including for the implementation of the action,
contrary to international law, aimed at undermining the
sovereignty, political and social stability,
The Russian Federation's territorial integrity and its allies
pose a threat to international peace, global and
regional security.
     16. Information Security State in
state and public security is characterized by
constant increasing complexity, increasing the scale and growth
coordinated cyber attacks on critical facilities
information infrastructure, strengthening of intelligence
activities of foreign states against the Russian
Federation, as well as the growing threat of the use of information
technologies in order to harm the sovereignty, territorial
integrity, political and social stability of the Russian
Federation.
     17. The state of information security in the economic
the area is characterized by underdevelopment
competitive information technologies and their use
for the production of goods and services. It remains high
Depending on the level of the domestic industry from foreign
information technology as it relates to e
component base, software, computer equipment
and communications, resulting in dependence
Russia's social and economic development of
geopolitical interests of foreign countries.
     18. status of information security in the field of science,
technology and education is characterized by a lack of
efficiency of research aimed at creating
advanced information technology, low level of implementation
domestic developments and insufficient staffing in
information security, as well as lower
awareness of citizens in matters of personal
information security. At the same time measures to ensure
the security of the information infrastructure, including its integrity,
availability and sustainability of using
domestic information technology and domestic products
often do not have a comprehensive framework.
     19. Information Security State in
strategic stability and equitable strategic
Partnership characterized by the desire of individual countries
use technological superiority to dominate the
information space.
     There is currently a distribution between countries
resources needed to ensure the safe and sustainable
the functioning of the network "Internet" does not allow to implement
equitable sharing based on the principles of trust management
them.
     The absence of international law regulating
intergovernmental relations in the information space, as well as
mechanisms and procedures for their use, taking into account the specificity
information technology, difficult to form a system
international information security, aimed at
the achievement of strategic stability and equitable
strategic partnership.

    IV. The strategic objectives and main directions of ensuring
                     information security

     20. The strategic goal of providing information
Security in the area of national defense is to protect the vital
important interests of the individual, society and state from internal and
external threats involving the use of information technology in
politico-military purposes contrary to international law,
including for the purposes of the hostilities and acts
aggression against the sovereignty, violation
territorial integrity of states and threaten
international peace, security and strategic stability.
     21. In accordance with the military policy of the Russian Federation
the main directions of information security
national defense area are:
     a) strategic deterrence and prevention of military
Conflicts that may arise as a result of
information technologies;
     b) improving the provision of information system
security of the Russian Federation Armed Forces, other troops,
military formations and bodies, including the strength and resources
information warfare;
     c) forecasting, detection and evaluation of information threats,
including threats to the Armed Forces of the Russian Federation
the information sphere;
     d) promote the protection of the interests of the Allies
The Russian Federation in the information sphere;
     d) neutralization of information and psychological impact,
including those aimed at undermining the foundations and historical
patriotic traditions associated with the defense of the fatherland.
     22. The strategic objectives of providing information
in the field of public security and public safety
are the protection of the sovereignty, maintaining political and social
stability, territorial integrity of the Russian Federation,
ensuring fundamental rights and freedoms of man and citizen, as well as
protection of critical information infrastructure.
     23. The main directions of ensuring information
in the field of public security and public safety
They are:
     a) opposition to the use of information technology for
Extremist ideology propaganda of xenophobia,
ideas of national exclusivity in order to undermine the sovereignty,
political and social stability, enforced changes
the constitutional order, violation of territorial integrity
Russian Federation;
     b) suppression of activities that are detrimental to national
security of the Russian Federation, carried out with the use of
hardware and information technologies with special
services and organizations of foreign states, as well as individual
persons;
     c) increasing the security of critical information
infrastructure and sustainability of its functioning, the development of
mechanisms of information threats detection and prevention and
elimination of the consequences of their manifestation, better protection
citizens and territories from emergency situations,
caused by the impact of information and technical objects
critical information infrastructure;
     d) increasing the security of the facilities operation
information infrastructure, including to provide
sustainable cooperation between state bodies to prevent
foreign control over the functioning of such facilities,
ensuring the integrity, stability and functioning
Security of the Russian Federation uniform telecommunications network, as well as
securing information transmitted over it, and
processed in information systems on the territory of the Russian
Federation;
     e) increasing the security of samples functioning
weapons, military and special equipment and automated
management systems;
     e) improving the efficiency of crime prevention,
committed with the use of information technology, and
combating such offenses;
     g) ensure the protection of information containing data,
constituting a state secret, given the limited information
Access and spread, including by increasing
security related information technologies;
     h) improvement of methods and techniques of production and
safe use of the product, based on the provision of services
information technologies using domestic
development, satisfying the information requirements
security;
     i) improving the efficiency of information provision
realization of the state policy of the Russian Federation;
     A) to neutralize the impact of information aimed at
the erosion of traditional Russian spiritual and moral values.
     24. The strategic objectives of providing information
security in the economic sphere are kept to a minimum
possible level of influence of negative factors due
insufficient level of development of the domestic IT industry
technology and electronics industry, development and production
competitive means to ensure information
security, as well as increase the volume and quality of services
information security.
     25. The main directions of ensuring information
security in the economic sphere are:
     a) innovative development of IT industry and
the electronics industry, the increase in the share of this sector of production
of gross domestic product, the structure of the country's exports;
     b) the elimination of the dependence of the domestic industry
foreign information technology and software
information security through the creation, development and a broad
implementation of national development as well as production
and services based on them;
     c) increase the competitiveness of Russian companies,
operating in the sector of information technology and
the electronics industry, development, production and operation
of information security service providers
in the field of information security, including
by creating favorable conditions for the implementation of activities
on the territory of the Russian Federation;
     d) development of domestic competitive electronic
Component Base and electronic technologies
components, ensuring the needs of the internal market in this
production and release of these products on the world market.
     26. The strategic goal of providing information
Security in the field of science, technology and education is
support innovation and accelerated development of the software system
information security, and information technology industry
electronics industry.
     27. The main directions of ensuring information
Security in the field of science, technology and education are:
     a) the achievement of competitiveness of Russian information
technologies and the development of scientific and technical potential in the field of
information security;
     b) the creation and implementation of information technology, which was originally
resistant to various types of impact;
     c) research and implementation of pilot
development in order to create advanced information technologies
and means of information security;
     d) development of human resources in the field of
information security and the use of information technology;
     d) ensuring the security of citizens from threats to information, in
including by creating a culture of personal information
security.
     28. The strategic goal of providing information
Security in the area of strategic stability and equitable
the strategic partnership is to develop a sustainable
non-contentious system of interstate relations in the information
space.
     29. The main directions of ensuring information
Security in the area of strategic stability and equitable
strategic partnership are:
     a) the protection of the sovereignty of the Russian Federation in the information
space through the implementation of an independent and
independent policy aimed at the implementation of national
interests in the information sphere;
     b) participation in the formation of an international information system
safety, providing effective resistance
the use of military and political information technology
manner contrary to international law, as well as
terrorist, extremist, criminal and other
illegal purposes;
     c) creation of international legal mechanisms that take into account
the specifics of information technology, in order to prevent and
settlement of inter-state conflicts in the information
space;
     d) progress in the framework of international organizations
Russian position provides for
equal and mutually beneficial cooperation of all
stakeholders in the field of information;
     d) development of the Russian national control system
segment the network "Internet".

       V. Institutional framework for ensuring information
                            security

     30. The system of information security is
part of the system of national security of the Russian
Federation.
     Information security is carried out on
through a combination of legal, law enforcement,
law enforcement, judicial, and other forms of control
activities of state bodies in cooperation with the authorities
local government, organizations and citizens.
     31. The information security system construction
based on the division of powers of the legislative,
executive and judicial powers in this area, taking into account items
conduct of federal public authorities,
government of the Russian Federation, as well as
local authorities, determined by the legislation
The Russian Federation in the field of security.
     32. The composition of the information security system
determined by the President of the Russian Federation.
     33. The organizational bases of the information system
security are: the Federation Council of the Federal Assembly
The Russian Federation, the State Duma of the Federal Assembly
The Russian Federation, the Russian Government, the Council
Security of the Russian Federation, federal bodies
the executive, the Russian Central Bank,
Military-Industrial Commission of Russia, interdepartmental
bodies established by the President of the Russian Federation and
Russian Government executive bodies
The Russian Federation, local authorities,
judicial authorities, in accordance with decision
Russian Federation participated in the task of
information security.
     Participants of the information security system
are the owners of the objects of critical information
infrastructure and organizations that operate such facilities,
media and mass communications, organizations
monetary, foreign exchange, banking and other areas of financial
market operators, the operators of information systems,
organizations active in development and operation
information systems and networks, for the development, production and
operation of information security at
the provision in the field of information security services,
organizations engaged in educational activities in the
area, public associations, other organizations and citizens,
which, in accordance with Russian legislation
involved in the task of providing information
security.
     34. Activities of public authorities to ensure
Information security is based on the following principles:
     a) the legality of public relations in the sphere of information and
the legal equality of all participants of such relations, based on
the constitutional right of citizens to freely seek, receive,
transfer, produce and disseminate information by any legal
method;
     b) constructive cooperation between government agencies,
organizations and citizens in solving problems to ensure
information security;
     c) the balance between the needs of citizens in a free
exchange of information and the limitations associated with the need to
national security, including information
area;
     g) the adequacy of the forces and means of providing information
safety, defined by including DC
monitoring information threats;
     d) compliance with the universally recognized principles and norms of international
law, international treaties of the Russian Federation, as well as
Russian legislation.
     35. The objectives of the public authorities as part of the
information security are:
     a) protecting the rights and legitimate interests of citizens and
organizations in the field of information;
     b) evaluation of information security,
prediction and detection of information threats, determination
priority areas of prevention and liquidation of consequences
their manifestations;
     c) planning, implementation and evaluation of
a set of measures to ensure information security;
     g) the organization and coordination of the activities of the forces of interaction
information security, improving their
legal, organizational, operational and investigative,
intelligence, counterintelligence, scientific, technical,
information-analytical, human and economic
security;
     d) Development and implementation of measures of state support
organizations active in the development,
the production and operation of providing information
security, to provide services in the field of
information security, as well as organizations engaged
educational activities in this field.
     36. The objectives of the public authorities as part of the
the development and improvement of maintenance of information systems
security are:
     a) strengthening the chain of command and centralization of power
Information security at the federal,
interregional, regional and municipal levels, as well as
the level of information objects, information systems and operators
communications networks;
     b) improving the forms and methods of interaction forces
information security in order to enhance their
readiness to counter threats to information, including
through regular training (exercise);
     c) improving information, analytical and
scientific and technical aspects of the functioning of the security system
information security;
     d) increasing the efficiency of public interaction
agencies, local authorities, organizations and citizens in
solving information security problems.
     37. The implementation of this Doctrine is based on
sectoral strategic planning documents of the Russian
Federation. In order to update any such Council documents
Security of the Russian Federation is determined by a list of
priority areas of information security at
medium term, subject to the provisions of the strategic
Russian Federation forecast.
     38. The results of monitoring the implementation of the Doctrine
reflected in the annual report of the Security Council Secretary
Russian Federation Russian Federation on the status of the President
national security and measures to strengthen it.
Advertisements