After a short wait, the Draft Doctrine of Information Security of the Russian Federation appeared on the Web. The document is very high-level, defining only the general goals and directions of development of the system information security... Therefore, the document does not contain any specific descriptions of procedures, products, instructions, etc. Nevertheless, the document is very interesting. It is interesting primarily because of how the state sees information security and how it sees the role of citizens in information security.

Leaving aside the political component of this document(one way or another, and each state has its own interests and naturally each state wants to defend them) and look at it exclusively from the point of view of ensuring information security.

The curious begins already in the section of terms and definitions. Let's say that there are national interests?

That is, national interests are primarily the interests of the state, and not the interests of society as a whole or individual citizens. True, the next paragraph brings the interests of society and the state at the same level:

That is, each of the three parties must sacrifice something for security reasons. In general, the situation does not raise questions - we all live in society and must take into account the interests of others. But who determines who and what should be sacrificed? Moreover, there is one more point in the document:

That is, infringement of the rights and freedoms of citizens is unacceptable. It turns out that the state should sacrifice its interests? The question is extremely interesting, but the document is not disclosed - although at the end of the document it says that:

In this regard, it is extremely interesting - should such a large-scale program go through the legislature?
But back to the beginning of the document - in the definitions section:

Again, there is a bias towards measures on the part of the state, while without the support of society (education of computer literacy, for example), the provision of such large-scale measures is hardly unrealizable.

Strange, but the above definition does not include resources located on foreign servers among the resources to be protected. Even if a company stores its data on servers in Russia, it is often necessary to store and process data on servers located around the world. Is the state refusing to protect the interests of companies or security requirements do not apply to foreign servers?

Unfortunately, most of the points of the project are devoted to strengthening the vertical of power and improving the perfection of the administrative mechanism. In order not to create an incorrect impression - in fact, this is also a necessary matter - let us at least recall the quality of elaboration of laws in the field of information security, the level of tenders, etc. There is a lot to improve in this area. And this is also stated in the document:

What does the document say about the role of individual citizens in improving the level of information security?

Again, mainly measures on the part of the state - to increase the relevance of knowledge through interaction with companies different types involvement of institutions in the process of releasing new products, developing new technologies - not a word

And the development of the personality is again assumed through the implementation of administrative measures - legal regulation and the development of legal consciousness in one paragraph.

The document also mentions the fashionable topic of public-private partnership:

But it will not be possible to get away from certification

If we draw conclusions, the document is not bad, but we would very much like to correct its bias towards strengthening interaction between the state and society - for example, in developing the same concept of security - after all, it will concern us all.

After a short wait, the Draft Doctrine of Information Security of the Russian Federation appeared on the Web. The document is very high-level, defining only the general goals and directions of development of the information security system. Therefore, the document does not contain any specific descriptions of procedures, products, instructions, etc. Nevertheless, the document is very interesting. It is interesting primarily because of how the state sees information security and how it sees the role of citizens in information security.

Let's leave aside the political component of this document (one way or another, and each state has its own interests and naturally each state wants to defend them) and look at it exclusively from the point of view of ensuring information security.

The curious begins already in the section of terms and definitions. Let's say that there are national interests?

That is, national interests are primarily the interests of the state, and not the interests of society as a whole or individual citizens. True, the next paragraph brings the interests of society and the state at the same level:

That is, each of the three parties must sacrifice something for security reasons. In general, the situation does not raise questions - we all live in society and must take into account the interests of others. But who determines who and what should be sacrificed? Moreover, there is one more point in the document:

That is, infringement of the rights and freedoms of citizens is unacceptable. It turns out that the state should sacrifice its interests? The question is extremely interesting, but the document is not disclosed - although at the end of the document it says that:

In this regard, it is extremely interesting - should such a large-scale program go through the legislature?
But back to the beginning of the document - in the definitions section:

Again, there is a bias towards measures on the part of the state, while without the support of society (education of computer literacy, for example), the provision of such large-scale measures is hardly unrealizable.

Strange, but the above definition does not include resources located on foreign servers among the resources to be protected. Even if a company stores its data on servers in Russia, it is often necessary to store and process data on servers located around the world. Is the state refusing to protect the interests of companies or security requirements do not apply to foreign servers?

Unfortunately, most of the points of the project are devoted to strengthening the vertical of power and improving the perfection of the administrative mechanism. In order not to create an incorrect impression - in fact, this is also a necessary matter - let us at least recall the quality of elaboration of laws in the field of information security, the level of tenders, etc. There is a lot to improve in this area. And this is also stated in the document:

What does the document say about the role of individual citizens in improving the level of information security?

Again, mainly measures on the part of the state - about increasing the relevance of knowledge by interacting with companies of various types, involving institutions in the process of releasing new products, developing new technologies - not a word

And the development of the personality is again assumed through the implementation of administrative measures - legal regulation and the development of legal consciousness in one paragraph.

The document also mentions the fashionable topic of public-private partnership:

But it will not be possible to get away from certification

If we draw conclusions, the document is not bad, but we would very much like to correct its bias towards strengthening interaction between the state and society - for example, in developing the same concept of security - after all, it will concern us all.

It is written in a complex language, and a rare reader even reaches the middle of this not the largest document. To simplify the work with him, I decided to make a brief retelling (review) of the main provisions. I publish!

Information security doctrine is a system of official views on ensuring the national security of the Russian Federation in the information sphere.

The document defines the following national interests in the information sphere (in fact, they have not changed since 2000):

1. Ensuring and protecting the rights and freedoms of citizens in terms of receiving and using information, inviolability of private life, as well as the preservation of spiritual and moral values.
2. Uninterrupted operation of critical information infrastructure (CII).
3. Development of the IT and electronic industry in Russia.
4. Communicating to the Russian and international community reliable information on the state policy of the Russian Federation.
5. Promotion of international information security.

Doctrine is essential for shaping public policy and formulating measures to improve the information security system.

Information Security(IB) is a state of protection of the individual, society and the state from internal and external information threats. Moreover, the new version of the document also states that constitutional rights and freedoms, a decent quality and standard of living of citizens, the sovereignty and territorial integrity of the Russian Federation, and its sustainable socio-economic development must be ensured. as well as state security. Not "security for the sake of security", but even a certain balance is obtained: the rights of citizens, the economy, security.

The document was created on the basis of an analysis of threats and an assessment of the state of the information security of the Russian Federation and develops the provisions of the National Security Strategy of the Russian Federation (dated December 31, 2015 No. 683).

The threat to the information security of the Russian Federation(information threat) - a set of actions and factors that create the danger of causing damage to national interests in the information sphere.

The Doctrine defines the following main threats and characteristics information security states(I give them thesis):

• Foreign countries are building up their capabilities to influence IT infrastructure for military purposes.
• The activities of organizations carrying out technical intelligence in relation to Russian organizations are intensifying.
• Implementation of IT without linking to information security increases the likelihood of threats.
• Special services use methods of information and psychological impact on citizens.
• More and more foreign media outlets report biased information.
• Russian media abroad are discriminated against.
• External informational influence erodes traditional Russian spiritual and moral values ​​(especially among young people).
• Terrorist and extremist organizations make extensive use of information impact mechanisms.
• The scale of computer crime is increasing, primarily in the credit and financial sector
• Methods, methods and means of committing computer crimes are becoming more sophisticated.
• The complexity and number of coordinated computer attacks on CII objects are increasing.
• Remains high level dependence of the domestic industry on foreign IT.
• Russian scientific research in the field of IT is not effective enough, there is a lack of personnel.
• Russian citizens have low awareness of issues of personal information security.
• Individual states seek to use their technological superiority to dominate the information space. Including on the Internet.

The document contains the following areas of information security and the main directions for them:

1. Defense of the country:
a) strategic containment and prevention of military conflicts;
b) improving the IS support system of the RF Armed Forces;
c) forecasting and assessing information threats;
d) assistance in protecting the interests of the allies of the Russian Federation;
e) neutralization of information and psychological impact.

2. State and public security:
a) opposition to the use of IT for advocacy;
b) counteraction to special services using IT;
c, d) increasing the security of the CII;
e) increasing the safety of functioning of weapons, military and special equipment and automated systems management;
f) counteracting crimes in the field of IT;
g) protection of state secrets and other types of secrets;
h) development of domestic IT;
i) information support of the state policy of the FR;
j) neutralization of information and psychological impact.

3. Economic sphere:
a-d) development and support of domestic IT.

4. Science, technology and education:
a-c) the development of science;
d) development of human resources;
e) the formation of a culture of personal information security.

5. Stability and equal strategic partnership
a) protection of the sovereignty of the Russian Federation in the information space;
b-d) participation in the formation of the international information security system;
e) development of the national management system Russian segment the Internet.

Information security doctrine

Russian Federation

The information security doctrine of the Russian Federation is a set of official views on the goals, objectives, principles and main directions of ensuring the information security of the Russian Federation.

This Doctrine serves as the basis for:

formation of state policy in the field of information security of the Russian Federation;

preparation of proposals for improving the legal, methodological, scientific, technical and organizational support of the information security of the Russian Federation;

development of targeted programs to ensure information security of the Russian Federation.

This Doctrine develops the Concept of National Security of the Russian Federation in relation to the information sphere.

I. Information security of the Russian Federation

1. National interests of the Russian Federation in the information sphere and their support

The modern stage of development of society is characterized by the increasing role of the information sphere, which is a set of information, information infrastructure, entities that collect, form, disseminate and use information, as well as a system for regulating the resulting social relations. The information sphere, being a backbone factor in the life of society, actively influences the state of the political, economic, defense and other components of the security of the Russian Federation. The national security of the Russian Federation essentially depends on ensuring information security, and during technical progress this dependence will increase.

The information security of the Russian Federation is understood as the state of protection of its national interests in the information sphere, which are determined by the totality of balanced interests of the individual, society and the state.

2. Types of threats to information security of the Russian Federation

In terms of their general orientation, threats to the information security of the Russian Federation are divided into the following types:

threats to the constitutional rights and freedoms of man and citizen in the field of spiritual life and information activities, individual, group and public consciousness, the spiritual revival of Russia;

threats to information support of the state policy of the Russian Federation;

threats to the development of the domestic information industry, including the industry of informatization, telecommunications and communications, meeting the needs of the domestic market in its products and the entry of these products into the world market, as well as ensuring the accumulation, preservation and effective use of domestic information resources;

threats to the security of information and telecommunications facilities and systems, both already deployed and created on the territory of Russia.

3. Sources of threats to the information security of the Russian Federation

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

activities of foreign political, economic, military, intelligence and information structures directed against the interests of the Russian Federation in the information sphere;

the desire of a number of countries to dominate and infringe on Russia's interests in the global information space, to oust it from the external and internal information markets;

aggravation of international competition for the possession of information technologies and resources;

activities of international terrorist organizations;

increasing the technological gap between the leading powers of the world and building up their capabilities to counter the creation of competitive Russian information technologies;

activities of space, air, sea and ground technical and other means (types) of reconnaissance of foreign states;

development of concepts by a number of states information wars, providing for the creation of means of dangerous impact on the information spheres of other countries of the world, disruption of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them.

Internal sources include:

the critical state of domestic industries;

an unfavorable crime situation, accompanied by tendencies for the merging of state and criminal structures in the information sphere, for criminal structures to gain access to confidential information, strengthening the influence of organized crime on the life of society, reducing the degree of protection of the legitimate interests of citizens, society and the state in the information sphere;

insufficient coordination of the activities of federal government bodies, government bodies of the constituent entities of the Russian Federation in the formation and implementation of a unified state policy in the field of ensuring information security of the Russian Federation;

insufficient elaboration of the regulatory legal framework governing relations in the information sphere, as well as insufficient law enforcement practice;

underdevelopment of civil society institutions and insufficient state control over the development of the information market in Russia;

insufficient funding of measures to ensure information security of the Russian Federation;

insufficient economic power of the state;

decrease in the efficiency of the education and training system, insufficient number of qualified personnel in the field of information security;

insufficient activity of federal bodies of state power, bodies of state power of the constituent entities of the Russian Federation in informing society about their activities, in explaining decisions made, in the formation of open state resources and the development of a system of access to them for citizens;

Russia's lag behind the leading countries of the world in terms of informatization of federal government bodies, government bodies of constituent entities of the Russian Federation and local government bodies, credit - financial sphere, industry, agriculture, education, health care, services and everyday life of citizens.

4. The state of information security in the Russian Federation and the main tasks to ensure it

In recent years, the Russian Federation has implemented a set of measures to improve the provision of its information security.

The formation of a legal basis for information security has begun. The Law of the Russian Federation "On State Secrets", Fundamentals of the Legislation of the Russian Federation on the Archival Fund of the Russian Federation and Archives, Federal laws"On Information, Informatization and Protection of Information", "On Participation in International Information Exchange", a number of other laws, work has been launched to create mechanisms for their implementation, to draft laws regulating public relations in the information sphere.

II. Methods for ensuring information security of the Russian Federation

5. General methods of ensuring information security of the Russian Federation

General methods of ensuring information security of the Russian Federation are divided into legal, organizational - technical and economic.

The legal methods of ensuring information security of the Russian Federation include the development of regulatory legal acts governing relations in the information sphere, and regulatory methodological documents on issues of ensuring information security of the Russian Federation. The most important areas of this activity are:

amendments and additions to the legislation of the Russian Federation regulating relations in the field of information security, in order to create and improve the information security system of the Russian Federation, to eliminate internal contradictions in federal legislation, contradictions related to international agreements to which the Russian Federation has joined, and contradictions between federal legislative acts and legislative acts of the constituent entities of the Russian Federation, as well as for the purpose of concretizing legal norms establishing responsibility for offenses in the field of ensuring information security of the Russian Federation;

legislative differentiation of powers in the field of ensuring the information security of the Russian Federation between the federal bodies of state power and bodies of state power of the constituent entities of the Russian Federation, the definition of goals, objectives and mechanisms for participation in this activity of public associations, organizations and citizens;

development and adoption of regulatory legal acts of the Russian Federation establishing liability of legal entities and individuals for unauthorized access to information, its illegal copying, distortion and illegal use, deliberate dissemination of inaccurate information, illegal disclosure of confidential information, use of official information or information for criminal and selfish purposes, containing commercial secrets;

clarification of the status of foreign news agencies, mass media and journalists, as well as investors in attracting foreign investment for the development of Russia's information infrastructure.

6. Features of ensuring information security of the Russian Federation in various spheres of public life

Information security of the Russian Federation is one of the components of the national security of the Russian Federation and affects the protection of the national interests of the Russian Federation in various spheres of the life of society and the state. Threats to the information security of the Russian Federation and methods of ensuring it are common to these areas.

Each of them has its own characteristics of ensuring information security, associated with the specifics of security facilities, the degree of their vulnerability to threats to the information security of the Russian Federation. In every sphere of the life of society and the state, along with general methods to ensure the information security of the Russian Federation, private methods and forms can be used, due to the specifics of the factors affecting the state of information security in the Russian Federation.

The Doctrine of Information Security of the Russian Federation (Doctrine) was approved by Decree No. 1895 of the President of the Russian Federation of September 9, 2000. The Doctrine is a set of official views on the goals, objectives, principles and main directions of ensuring information security and serves as the basis for:

Formation of state policy in the field of information security of the Russian Federation;

Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support for the information security of the Russian Federation;

Development of targeted programs for ensuring the information security of the Russian Federation.

1. Information security of the Russian Federation (types and sources of threats to the information security of the Russian Federation, the state of the information security of the Russian Federation and the main tasks of ensuring it);

2. Methods of ensuring IS RF (features of IS ensuring RF in various spheres of public life, international cooperation in the field of IS ensuring);

3. The main provisions of the state policy of ensuring the information security of the Russian Federation (priority measures for the implementation of the state security policy in the Russian Federation);

4. Organizational basis of RF IS support (main functions of RF IS support systems. Basic elements of the organizational basis of RF IS support systems).

7. Law "on state secrets"

The principles of information sovereignty and international rules are the basis of the laws that make it possible to classify information as one or another category of secrets. The regulation of relations arising in connection with the classification of information as state secrets, their classification and declassification in the interests of ensuring the security of the Russian Federation, is carried out in accordance with the law "On state secrets".

7.1. Basic concepts

State secret - protected state information in the field of military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation.

Carriers of information constituting a state secret , - material objects, including physical fields, in which information constituting a state secret is reflected in the form of symbols, images, signals, technical solutions and processes.

Secrecy label - details indicating the degree of secrecy of the information contained in their carrier, affixed on the carrier itself and (or) in the accompanying documentation for it.

Secrecy - a category characterizing the importance of such information, possible damage in the event of its disclosure, the degree of restriction of access to it and the level of its protection by the state.

7.2. List of information constituting a state secret

State secrets are:

I. Information in the military field:

On the content of strategic and operational plans and on other documents of combat control; on the preparation and conduct of military operations, the strategic and mobilization deployment of troops and on their most important indicators characterizing the organization, strength, deployment, combat and mobilization readiness, combat and other military training, weapons and material and technical support of the Armed Forces. border troops and other military formations;

On the direction of development of certain types of weapons and military equipment, their number, tactical and technical characteristics, organization and production technology, research and development work related to the development of new types of weapons and military equipment, modernization of existing models, as well as others works planned or carried out in the interests of the country;

On the forces and means of Civil Defense, on the readiness of settlements, regions and individual objects to protect, evacuate and disperse the population, to ensure its life and production activities of national economic facilities in wartime or in other emergency situations;

On geodetic, gravimetric, cartographic, hydrographic and hydrometeorological data and characteristics that are important for the defense of the country.