BY LOEL HARDING
DECREE THE PRESIDENT OF THE RUSSIAN FEDERATION On approval of the Doctrine of Information Security of the Russian Federation In order to ensure the information security of the Russian Federation of n s t a n o I hereby: 1. To approve the Information Security Doctrine Russian Federation. 2. To recognize as invalid the Doctrine of Information security of the Russian Federation, approved by the President Russian Federation September 9, 2000 № Pr-1895 . 3. This Decree shall enter into force on the day of its signing. Russian President Vladimir Putin Kremlin, Moscow, December 5, 2016 № 646 ___________________ APPROVED by the Decree of the President of the Russian Federation from December 5, 2016 № 646 Doctrine of the Russian Federation Information Security I. General Provisions 1. This doctrine is a system of official views on the national security of the Russian Federation in the information sphere. In this doctrine under the information sphere is understood collection of information, facilities information, information systems and websites in the information and telecommunication network "Internet" (Hereinafter - the "Internet" network), communications networks, information technology, entities, which activity is connected with the formation and information processing, development and use of these technology, information security, as well as the totality of the relevant public regulation mechanisms relationship. 2. In this doctrine, the following basic concepts: a) of the Russian Federation's national interests in the information field (hereinafter - the national interests in the information sphere) - objectively significant needs of the individual, society and state in ensuring their security and sustainable development in part, concerning the information sphere; b) the threat of information security of the Russian Federation (Hereinafter - the threat of information) - a set of actions and factors, creating a danger of damage to national interests the information sphere; c) information security of the Russian Federation (hereinafter - information security) - the state of security of the person, society and the state from internal and external information threats, which provide realization of constitutional rights and freedoms of man and citizen, decent quality and standard of living citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, and the defense State security; g) information security - Implementation interrelated legal, organizational, operational-search, intelligence, counter-intelligence, science and technology, information analysis, human, economic and other measures to predict, detect, deter, prevent, repel information threats and eliminate the consequences of their displays; d) power of information security - government bodies, as well as offices and officials public bodies, local authorities and organizations authorized to decide in accordance with the legislation of the Russian Federation to ensure that problems information security; e) the means of information security - legal, organizational, technical and other means, Force used information security; g) the system of information security - a set of information security force implementing a coordinated and planned activities, and they use means of information security; h) the information infrastructure of the Russian Federation (hereinafter - Information Infrastructure) - a collection of objects information, information systems and websites in the network "Internet" and networks situated in the territory of the Russian Federation, and also in the territories under the jurisdiction of the Russian Federation or used on the basis of international treaties Russian Federation. 3. This doctrine, based on the analysis of the main Information threats and evaluate information security status identified strategic objectives and main directions of maintenance information security, taking into account strategic national Russian priorities. 4. The legal basis for the Doctrine is the Constitution The Russian Federation, generally recognized principles and norms international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as normative legal acts of the Russian Federation President and Russian Federation. 5. This doctrine is a document of strategic in national security planning The Russian Federation, in which the provisions of the Strategy are developed the national security of the Russian Federation, approved by Decree President of Russian Federation on December 31, 2015 number 683 , and and other strategic planning documents in this area. 6. This doctrine is the basis for the formation of public policy and development of public relations in information security, as well as for develop measures to improve the security system information security. II. National interests in the information sphere 7. Information technologies have become global cross-border nature and become an integral part of all spheres the activities of the individual, society and state. Their effective application is a factor in accelerating economic development the state and development of the information society. Information sphere plays an important role in ensuring implementation of strategic national priorities of the Russian Federation. 8. The national interests in the information sphere are: a) the promotion and protection of the constitutional rights and freedoms and citizens in respect of the preparation and use information privacy when using information technology, provision of information support democratic institutions, the mechanisms of interaction of the state and civil society, as well as the application of information technology in the preservation of the cultural, historical and spiritual and moral values of the Russian multinational people Federation; b) ensuring sustainable and uninterrupted functioning information infrastructure, primarily the critical National information infrastructure (hereinafter - Critical Information Infrastructure) and a single network Telecommunications of the Russian Federation, in peacetime, in the period direct threat of aggression, and in wartime; c) development of the Russian Federation in the field of information technology and electronics industries, as well as improving production activities, scientific and technical organizations in the design, manufacture and operation of funds information security, providing services in the field of information security; g) To bring to the Russian and international public reliable information on the state policy of the Russian Federation and its official position on socially significant events in country and the world, the use of information technology for ensuring Russia's national security in the field of culture; d) fostering international system information security aimed at combating threats of the use of information technologies for violations strategic stability, strengthening equal strategic partnership in the field of information security, and to protect the sovereignty of the Russian Federation in information space. 9. Implementation of national interests in the information sphere aimed at forming safe environment turnover reliable information and various kinds resistant to impact information infrastructure in order to provide constitutional the rights and freedoms of man and citizen, stable socio-economic development of the country, as well as national security of the Russian Federation. III. Basic information of threat and the status of information security 10. Extension of the scope of information technology, It is the factor of economic development and improvement of the functioning of public and state institutions, at the same time it generates new information threats. The possibilities of cross-border circulation of information is increasingly used to achieve geopolitical contrary international law, military and political, as well as terrorist, extremist, criminal and other illegal purposes to the detriment of international security and strategic stability. This practice is the introduction of information technology without linking with information security essentially It increases the probability of information threats. 11. One of the main negative factors affecting the the state of information security is to build next foreign information technology capacity the impact on the IT infrastructure for military purposes. At the same time it enhanced the activity of organizations, conducting technical intelligence in relation to Russian government agencies, research organizations and enterprises the military-industrial complex. 12. Expanding the scale of the use of special services individual states providing funds information and psychological warfare, aimed at destabilization of the political and social situation in various regions of the world and leads to the undermining of the sovereignty and violation territorial integrity of other states. In this activity involved religious, ethnic, and other human rights organizations as well as individual groups of citizens, with widely use the potential of information technology. There is a trend to an increase in foreign funds media volume containing materials biased assessment Russia's state policy. Russian media are often subject to abroad blatant discrimination, Russian journalists create obstacles to the exercise of their professional activity. Stepping up information on the impact of the population of Russia, primarily at young people, in order to blur the traditional Russian spiritual and moral values. 13. Various terrorist and extremist organizations widely used mechanisms of information influence on individual, group and social consciousness in order to Discharge of ethnic and social tensions, incitement ethnic and religious hatred or enmity, propaganda extremist ideologies, as well as engaging in terrorism activities of new supporters. These organizations illegal purposes are actively destructive means the impact on objects of critical information infrastructure. 14. The scope of computer crime are increasing, especially only credit and financial sphere, the number of crimes related to violation of the constitutional rights and freedoms human and civil rights, including as regards privacy, personal and family secrets, while Information processing using personal data technologies. In this method, the methods and means of committing such crimes are becoming more sophisticated. 15. Status information security defense the country is characterized by an increase in the scope of application of the individual States and organizations in the information technology military-political purposes, including for the implementation of the action, contrary to international law, aimed at undermining the sovereignty, political and social stability, The Russian Federation's territorial integrity and its allies pose a threat to international peace, global and regional security. 16. Information Security State in state and public security is characterized by constant increasing complexity, increasing the scale and growth coordinated cyber attacks on critical facilities information infrastructure, strengthening of intelligence activities of foreign states against the Russian Federation, as well as the growing threat of the use of information technologies in order to harm the sovereignty, territorial integrity, political and social stability of the Russian Federation. 17. The state of information security in the economic the area is characterized by underdevelopment competitive information technologies and their use for the production of goods and services. It remains high Depending on the level of the domestic industry from foreign information technology as it relates to e component base, software, computer equipment and communications, resulting in dependence Russia's social and economic development of geopolitical interests of foreign countries. 18. status of information security in the field of science, technology and education is characterized by a lack of efficiency of research aimed at creating advanced information technology, low level of implementation domestic developments and insufficient staffing in information security, as well as lower awareness of citizens in matters of personal information security. At the same time measures to ensure the security of the information infrastructure, including its integrity, availability and sustainability of using domestic information technology and domestic products often do not have a comprehensive framework. 19. Information Security State in strategic stability and equitable strategic Partnership characterized by the desire of individual countries use technological superiority to dominate the information space. There is currently a distribution between countries resources needed to ensure the safe and sustainable the functioning of the network "Internet" does not allow to implement equitable sharing based on the principles of trust management them. The absence of international law regulating intergovernmental relations in the information space, as well as mechanisms and procedures for their use, taking into account the specificity information technology, difficult to form a system international information security, aimed at the achievement of strategic stability and equitable strategic partnership. IV. The strategic objectives and main directions of ensuring information security 20. The strategic goal of providing information Security in the area of national defense is to protect the vital important interests of the individual, society and state from internal and external threats involving the use of information technology in politico-military purposes contrary to international law, including for the purposes of the hostilities and acts aggression against the sovereignty, violation territorial integrity of states and threaten international peace, security and strategic stability. 21. In accordance with the military policy of the Russian Federation the main directions of information security national defense area are: a) strategic deterrence and prevention of military Conflicts that may arise as a result of information technologies; b) improving the provision of information system security of the Russian Federation Armed Forces, other troops, military formations and bodies, including the strength and resources information warfare; c) forecasting, detection and evaluation of information threats, including threats to the Armed Forces of the Russian Federation the information sphere; d) promote the protection of the interests of the Allies The Russian Federation in the information sphere; d) neutralization of information and psychological impact, including those aimed at undermining the foundations and historical patriotic traditions associated with the defense of the fatherland. 22. The strategic objectives of providing information in the field of public security and public safety are the protection of the sovereignty, maintaining political and social stability, territorial integrity of the Russian Federation, ensuring fundamental rights and freedoms of man and citizen, as well as protection of critical information infrastructure. 23. The main directions of ensuring information in the field of public security and public safety They are: a) opposition to the use of information technology for Extremist ideology propaganda of xenophobia, ideas of national exclusivity in order to undermine the sovereignty, political and social stability, enforced changes the constitutional order, violation of territorial integrity Russian Federation; b) suppression of activities that are detrimental to national security of the Russian Federation, carried out with the use of hardware and information technologies with special services and organizations of foreign states, as well as individual persons; c) increasing the security of critical information infrastructure and sustainability of its functioning, the development of mechanisms of information threats detection and prevention and elimination of the consequences of their manifestation, better protection citizens and territories from emergency situations, caused by the impact of information and technical objects critical information infrastructure; d) increasing the security of the facilities operation information infrastructure, including to provide sustainable cooperation between state bodies to prevent foreign control over the functioning of such facilities, ensuring the integrity, stability and functioning Security of the Russian Federation uniform telecommunications network, as well as securing information transmitted over it, and processed in information systems on the territory of the Russian Federation; e) increasing the security of samples functioning weapons, military and special equipment and automated management systems; e) improving the efficiency of crime prevention, committed with the use of information technology, and combating such offenses; g) ensure the protection of information containing data, constituting a state secret, given the limited information Access and spread, including by increasing security related information technologies; h) improvement of methods and techniques of production and safe use of the product, based on the provision of services information technologies using domestic development, satisfying the information requirements security; i) improving the efficiency of information provision realization of the state policy of the Russian Federation; A) to neutralize the impact of information aimed at the erosion of traditional Russian spiritual and moral values. 24. The strategic objectives of providing information security in the economic sphere are kept to a minimum possible level of influence of negative factors due insufficient level of development of the domestic IT industry technology and electronics industry, development and production competitive means to ensure information security, as well as increase the volume and quality of services information security. 25. The main directions of ensuring information security in the economic sphere are: a) innovative development of IT industry and the electronics industry, the increase in the share of this sector of production of gross domestic product, the structure of the country's exports; b) the elimination of the dependence of the domestic industry foreign information technology and software information security through the creation, development and a broad implementation of national development as well as production and services based on them; c) increase the competitiveness of Russian companies, operating in the sector of information technology and the electronics industry, development, production and operation of information security service providers in the field of information security, including by creating favorable conditions for the implementation of activities on the territory of the Russian Federation; d) development of domestic competitive electronic Component Base and electronic technologies components, ensuring the needs of the internal market in this production and release of these products on the world market. 26. The strategic goal of providing information Security in the field of science, technology and education is support innovation and accelerated development of the software system information security, and information technology industry electronics industry. 27. The main directions of ensuring information Security in the field of science, technology and education are: a) the achievement of competitiveness of Russian information technologies and the development of scientific and technical potential in the field of information security; b) the creation and implementation of information technology, which was originally resistant to various types of impact; c) research and implementation of pilot development in order to create advanced information technologies and means of information security; d) development of human resources in the field of information security and the use of information technology; d) ensuring the security of citizens from threats to information, in including by creating a culture of personal information security. 28. The strategic goal of providing information Security in the area of strategic stability and equitable the strategic partnership is to develop a sustainable non-contentious system of interstate relations in the information space. 29. The main directions of ensuring information Security in the area of strategic stability and equitable strategic partnership are: a) the protection of the sovereignty of the Russian Federation in the information space through the implementation of an independent and independent policy aimed at the implementation of national interests in the information sphere; b) participation in the formation of an international information system safety, providing effective resistance the use of military and political information technology manner contrary to international law, as well as terrorist, extremist, criminal and other illegal purposes; c) creation of international legal mechanisms that take into account the specifics of information technology, in order to prevent and settlement of inter-state conflicts in the information space; d) progress in the framework of international organizations Russian position provides for equal and mutually beneficial cooperation of all stakeholders in the field of information; d) development of the Russian national control system segment the network "Internet". V. Institutional framework for ensuring information security 30. The system of information security is part of the system of national security of the Russian Federation. Information security is carried out on through a combination of legal, law enforcement, law enforcement, judicial, and other forms of control activities of state bodies in cooperation with the authorities local government, organizations and citizens. 31. The information security system construction based on the division of powers of the legislative, executive and judicial powers in this area, taking into account items conduct of federal public authorities, government of the Russian Federation, as well as local authorities, determined by the legislation The Russian Federation in the field of security. 32. The composition of the information security system determined by the President of the Russian Federation. 33. The organizational bases of the information system security are: the Federation Council of the Federal Assembly The Russian Federation, the State Duma of the Federal Assembly The Russian Federation, the Russian Government, the Council Security of the Russian Federation, federal bodies the executive, the Russian Central Bank, Military-Industrial Commission of Russia, interdepartmental bodies established by the President of the Russian Federation and Russian Government executive bodies The Russian Federation, local authorities, judicial authorities, in accordance with decision Russian Federation participated in the task of information security. Participants of the information security system are the owners of the objects of critical information infrastructure and organizations that operate such facilities, media and mass communications, organizations monetary, foreign exchange, banking and other areas of financial market operators, the operators of information systems, organizations active in development and operation information systems and networks, for the development, production and operation of information security at the provision in the field of information security services, organizations engaged in educational activities in the area, public associations, other organizations and citizens, which, in accordance with Russian legislation involved in the task of providing information security. 34. Activities of public authorities to ensure Information security is based on the following principles: a) the legality of public relations in the sphere of information and the legal equality of all participants of such relations, based on the constitutional right of citizens to freely seek, receive, transfer, produce and disseminate information by any legal method; b) constructive cooperation between government agencies, organizations and citizens in solving problems to ensure information security; c) the balance between the needs of citizens in a free exchange of information and the limitations associated with the need to national security, including information area; g) the adequacy of the forces and means of providing information safety, defined by including DC monitoring information threats; d) compliance with the universally recognized principles and norms of international law, international treaties of the Russian Federation, as well as Russian legislation. 35. The objectives of the public authorities as part of the information security are: a) protecting the rights and legitimate interests of citizens and organizations in the field of information; b) evaluation of information security, prediction and detection of information threats, determination priority areas of prevention and liquidation of consequences their manifestations; c) planning, implementation and evaluation of a set of measures to ensure information security; g) the organization and coordination of the activities of the forces of interaction information security, improving their legal, organizational, operational and investigative, intelligence, counterintelligence, scientific, technical, information-analytical, human and economic security; d) Development and implementation of measures of state support organizations active in the development, the production and operation of providing information security, to provide services in the field of information security, as well as organizations engaged educational activities in this field. 36. The objectives of the public authorities as part of the the development and improvement of maintenance of information systems security are: a) strengthening the chain of command and centralization of power Information security at the federal, interregional, regional and municipal levels, as well as the level of information objects, information systems and operators communications networks; b) improving the forms and methods of interaction forces information security in order to enhance their readiness to counter threats to information, including through regular training (exercise); c) improving information, analytical and scientific and technical aspects of the functioning of the security system information security; d) increasing the efficiency of public interaction agencies, local authorities, organizations and citizens in solving information security problems. 37. The implementation of this Doctrine is based on sectoral strategic planning documents of the Russian Federation. In order to update any such Council documents Security of the Russian Federation is determined by a list of priority areas of information security at medium term, subject to the provisions of the strategic Russian Federation forecast. 38. The results of monitoring the implementation of the Doctrine reflected in the annual report of the Security Council Secretary Russian Federation Russian Federation on the status of the President national security and measures to strengthen it.