Information security doctrine

Russian Federation

The information security doctrine of the Russian Federation is a set of official views on the goals, objectives, principles and the main directions of ensuring the information security of the Russian Federation.

This doctrine serves as the basis for:

formation of state policy in the field of information security of the Russian Federation;

preparation of proposals for the improvement of legal, methodological, scientific and technical and organizational support of the information security of the Russian Federation;

development of targeted information security programs for the Russian Federation.

This doctrine is developing the concept of national security of the Russian Federation in relation to the information sphere.

I. Information Security of the Russian Federation

1. National interests of the Russian Federation in the information sphere and their provision

The modern stage of the development of society is characterized by an increasing role of the information sphere, which is a set of information, information infrastructure, subjects carrying out the collection, formation, dissemination and use of information, as well as the regulatory system of public relations arising from this. The information sphere, being a system-forming factor in the life of society, actively affects the state of political, economic, defense and other components of the Russian Federation. National Security of the Russian Federation significantly depends on the provision of information security, and during technical progress, this dependence will increase.

Under the information security of the Russian Federation it is understood as the state of the protection of its national interests in the information sphere, which are determined by the combinedness of the balanced interests of the individual, society and the state.

2. Types of threats of information security of the Russian Federation

In its general direction, the threat of information security of the Russian Federation is divided into the following types:

threats to constitutional rights and freedoms of a person and a citizen in the field of spiritual life and information activities, individual, group and public consciousness, the spiritual revival of Russia;

threats to the information support of state policy of the Russian Federation;

threats to the development of the domestic information industry, including the industry of informatization, telecommunications and communications, ensuring the needs of the domestic market in its products and the exit of these products to the world market, as well as ensuring the accumulation, safety and efficient use of domestic information resources;

threats to the safety of information and telecommunications and systems, both already deployed and created in Russia.

3. Sources of threats of information security of the Russian Federation

Sources of threats to the information security of the Russian Federation are divided into external and internal. External sources include:

activities of foreign political, economic, military, intelligence and information structures, aimed against the interests of the Russian Federation in the information sphere;

the desire of a number of countries to dominate and infringement of Russia's interests in the world information space, displacing it from external and internal information markets;

exacerbation of international competition for the possession of information technology and resources;

activities of international terrorist organizations;

an increase in the technological separation of leading powers of the world and increasing their possibilities to counter the creation of competitive Russian information technologies;

activities of cosmic, air, marine and terrestrial technical and other means of exploration of foreign states;

development by a number of states of information wars concepts, providing for the creation of hazardous impacts on information spheres of other countries of the world, violation of the normal functioning of information and telecommunication systems, the safety of information resources, obtaining unauthorized access to them.

Internal sources include:

critical condition of domestic industries;

an unfavorable criminogenist, accompanied by trends in the splicing of state and criminal structures in the information sphere, obtaining criminal structures of access to confidential information, strengthening the influence of organized crime on the life of society, reducing the degree of security of legitimate interests of citizens, society and the state in the information sphere;

insufficient coordination of the activities of federal state bodies, state authorities of the subjects of the Russian Federation on the formation and implementation of a unified state policy in the field of information security of the Russian Federation;

insufficient development of the regulatory framework regulating the relationship in the information sphere, as well as insufficient law enforcement;

underwinement of civil society institutions and insufficient state control over the development of the information market in Russia;

insufficient funding of activities to ensure the information security of the Russian Federation;

insufficient economic power of the state;

reducing the efficiency of the education and education system, the insufficient number of qualified personnel in the field of information security;

the insufficient activity of federal state authorities, state authorities of the subjects of the Russian Federation in informing the Company about its activities, in explaining the decisions made, in the formation of open state resources and the development of a system of access to citizens;

russian lag from leading countries in the level of informatization of federal state authorities, state authorities of the constituent entities of the Russian Federation and local governments, credit and financial sphere, industry, agriculture, education, health care services and life of citizens.

4. The state of information security of the Russian Federation and the main tasks for its provision

In recent years, a set of measures to improve its information security has been implemented in the Russian Federation.

The formation of the legal support of information security has begun. The Law of the Russian Federation "On State Secret", the Fundamentals of the Russian Federation on the Archive Fund of the Russian Federation and the Archives, Federal Laws "On Information, Informatization and Information Protection", "On Participation in International Information Exchange", a number of other laws deployed to create work mechanisms implementation, preparation of draft laws governing public relations in the information sphere.

II. Information security methods of the Russian Federation

5. General methods for providing information security of the Russian Federation

General methods for ensuring information security of the Russian Federation are divided into legal, organizational and technical and economic.

The legal methods for ensuring the information security of the Russian Federation refers to the development of regulatory legal acts regulating relations in the information sphere, and regulatory documents on the issues of information security of the Russian Federation. The most important areas of this activity are:

making changes and additions to the legislation of the Russian Federation, regulating relations in the field of information security, in order to create and improve the system for ensuring the information security of the Russian Federation, eliminating internal contradictions in federal legislation, contradictions related to international agreements to which the Russian Federation joined, and contradictions between federal legislative acts and legislative acts of the constituent entities of the Russian Federation, as well as to concretize legal norms establishing responsibility for the offense in the field of information security of the Russian Federation;

legislative delimitation of powers in ensuring the information security of the Russian Federation between the federal state authorities and the state authorities of the constituent entities of the Russian Federation, the definition of goals, objectives and mechanisms for participation in this activity of public associations, organizations and citizens;

development and adoption of regulatory legal acts of the Russian Federation, establishing the responsibility of legal entities and individuals for unauthorized access to information, its illegal copying, distortion and illegal use, intentional dissemination of inaccurate information, unlawful disclosure of confidential information, use in criminal and mercenary purposes of service information or information, containing a commercial secret;

clarifying the status of foreign news agencies, media and journalists, as well as investors in attracting foreign investments for the development of information infrastructure of Russia.

6. Features of providing information security of the Russian Federation in various spheres of public life

Information security of the Russian Federation is one of the components of the National Security of the Russian Federation and has an impact on the security of the national interests of the Russian Federation in various spheres of the life of society and the state. The threats of information security of the Russian Federation and the methods of its collateral are common to these areas.

Each of them has its own features of information security related to the specifics of security facilities, the degree of their vulnerability in relation to the threats of information security of the Russian Federation. In each area of \u200b\u200bthe life of society and the state, along with general methods of ensuring information security of the Russian Federation, private methods and forms due to the specifics of factors affecting the state of information security of the Russian Federation can be used.

It is written in a complex language, and the rare reader even reaches the middle of this not the largest document. To simplify work with it, I decided to make a brief retelling (review) of the main provisions. Public!

Information security doctrine - This is a system of formal views on ensuring the national security of the Russian Federation in the information sphere.

The document determines the following national Interests In the information sphere (in fact, they have not changed since 2000):

1. Providing and protecting the rights and freedoms of citizens in terms of obtaining and using information, privacy, as well as the preservation of spiritual and moral values.
2. Uninterrupted functioning of a critical information infrastructure (KII).
3. The development of the IT industry in Russia and the electronic industry.
4. Bringing to the Russian and international community of reliable information about the state policy of the Russian Federation.
5. Promoting international information security.

The doctrine is necessary for state policy formation and development of Mer. By improving the information security system.

Information Security (IB) is a state of personality security, society and states from internal and external information threats. Moreover, in the new version of the document, it is also said that at the same time there should be constitutional rights and freedoms, decent quality and standard of living of citizens, sovereignty and territorial integrity of the Russian Federation, its sustainable socio-economic development. as well as state security. Not "security for the sake of security", but even some balance is obtained: the rights of citizens, economics, security.

The document was created on the basis of the analysis of threats and evaluating the status of the IB RF and develops the provisions of the National Security Strategy of the Russian Federation (dated December 31, 2015 No. 683).

Threat of information security of the Russian Federation(information threat) - a set of actions and factors that create the risk of damage to national interests in the information sphere.

The doctrine defines the following major threats Both characteristics iB states(I bring them theses):

• Foreign countries increase opportunities for military infrastructure for military purposes.
• The activities of organizations carrying out technical exploration in relation to Russian organizations increase.
• The introduction of IT without linking with IB increases the likelihood of threats.
• Special services use the methods of information and psychological impact on citizens.
• More and more foreign media commemorate information biased.
• Russian media abroad are subjected to discrimination.
• External informational impact Blinds traditional Russian spiritual and moral values \u200b\u200b(especially in young people).
• Terrorist and extremist organizations are widely used by information impact mechanisms.
• The scale of computer crime is increasing, primarily in the credit and financial sector
• Methods, methods and means of making computer crimes are becoming more sophisticated.
• The complexity and number of coordinated computer attacks on KII objects increases.
• It remains a high level of dependence of the domestic industry from foreign IT.
• Russian scientific research in the field of IT is not effective, there is a lack of personnel.
• Russian citizens have low awareness in the issues of providing personal IB.
• Separate states seek to use technological superiority for dominance in information space. Including on the Internet.

The document recorded the following areas of providing IB Basic directionson them:

1. Defense of the country:
a) strategic deterrence and prevention of military conflicts;
b) improving the system of support of the IB Armed Forces of the Russian Federation;
c) forecasting and evaluation of information threats;
d) facilitating the protection of the interests of the Allies of the Russian Federation;
e) neutralization of information and psychological impact.

2. State and public safety:
a) opposition to the use of IT for propaganda;
b) countering special services using IT;
in, d) improving the security of KII;
e) improving the safety of the functioning of samples of weapons, military and special equipment and automated control systems;
e) opposition to crimes in the field of IT;
g) protection of state secrets and other types of secrets;
h) the development of domestic IT;
and) information support for the State Policy of FR;
k) neutralization of information and psychological impact.

3. Economic sphere:
A-d) Development and support of domestic IT.

4. Science, Technology and Education:
a-c) development of science;
d) development of personnel potential;
e) the formation of a culture of personal IB.

5. Stability and equal strategic partnership
a) the protection of the sovereignty of the Russian Federation in the information space;
bd) participation in the formation of the International IB system;
e) Development of the National Management System of the Russian Segment of the Internet.

The Doctrine of Information Security of the Russian Federation (Doctrine) approved by Decree No. 1895 of the President of the Russian Federation dated September 9, 2000. The doctrine is a set of official views on goals, objectives, principles and main directions for providing information security and serves as the basis for:

Formation of public policy in the field of ensuring the information security of the Russian Federation;

Preparation of proposals for the improvement of legal, methodological, scientific and technical and organizational support of the information security of the Russian Federation;

Development of targeted information security programs of the Russian Federation.

1. Information security of the Russian Federation (types and sources of threats of the IB RF, the state of the IB RF and the main tasks for its provision);

2. Methods of providing IB RF (features of the provision of the IB RF in various areas of public life, international cooperation in the field of providing IB);

3. The main provisions of the State Policy of Security Ib RF (priority measures for the implementation of the State Security Policy in the Russian Federation);

4. Organizational basis for the provision of the IB RF (the main functions of the system of providing IB RF. The main elements of the organizational basis of the Systems of Welfare of the IB RF).

7. Law "On State Secret"

The basis of laws that can be attributed to the information to a particular category of secrets, the principles of information sovereignty and international rules are laid. Regulation of relations arising in connection with the assignment of information for state secrets, their classification and decaying in the interests of ensuring the security of the Russian Federation, is carried out in accordance with the law "On State Secret".

7.1. Basic concepts

State mystery - protected state information in the field of military, foreign policy, economic, intelligence, counterintelligence and operational investigation activities, the dissemination of which can cause damage to the security of the Russian Federation.

Media of information constituting a state secret , - Material objects, including physical fields in which the information constituting the state secret is reflected in the form of symbols, images, signals, technical solutions and processes.

Vulture secrecy - details indicating the degree of secrecy of the information contained in their carrier are affiliated on the medium itself and (or) in the accompanying documentation on it.

Degree of secrecy - the category characterizing the importance of such information, possible damage in the event of its disclosure, the degree of restriction of access to it and the level of its protection by the state.

7.2. List of information constituting a state secret

State secrecy is:

I. Information in the military field:

On the content of strategic and operational plans and other documents of combat management; On the preparation and conduct of military operations, strategic and mobilization deployment of troops and their most important indicators characterizing the organization, number, dislocation, combat and mobilization readiness, combat and other military training, weapons and logistical support of the Armed Forces. border troops and other military formations;

On the direction of the development of certain types of weapons and military equipment, their number, tactical and technical characteristics, organization and technology of production, research and development work related to the development of new samples of weapons and military equipment, modernization of existing samples, as well as other work planned or carried out in the interests of the country;

About the forces and means of civil defense, the readiness of settlements, regions and individual facilities for the protection, evacuation and dispersal of the population, to ensuring its life and production activities of the national economy facilities in wartime or in other emergencies;

On geodesic, gravimetric, cartographic, hydrographic and hydrometeorological data and characteristics that are important for the country's defense.

In order to ensure the information security of the Russian Federation, I decree:

1. To approve the attached information security of the Russian Federation.

2. To recognize the doctrine of the Information Security Council of the Russian Federation, approved by the President of the Russian Federation on September 9, 2000 No. PR-1895.

3. This Decree comes into force on the date of its signing.

President of Russian Federation

V. Putin

Doctrine
information security of the Russian Federation
(approved President of the Russian Federation of December 5, 2016 No. 646)

I. General provisions

1. This doctrine is a system of formal views on ensuring the national security of the Russian Federation in the information sphere.

In this doctrine, under the information sphere, the combination of information, informatization, information systems, websites in the Internet information and telecommunications network (hereinafter - the Internet network), communication networks, information technologies, subjects, whose activities are related to the formation and processing of information , development and use of these technologies, information security, as well as a set of mechanisms for regulating relevant public relations.

2. In this doctrine, the following basic concepts are used:

(a) The national interests of the Russian Federation in the information sphere (hereinafter referred to as national interests in the information sphere) are objectively significant personal needs, society and state in ensuring their security and sustainable development in terms of information sphere;

b) the threat of information security of the Russian Federation (hereinafter - the information threat) is a set of actions and factors that create the danger of damage to national interests in the information sphere;

c) Information security of the Russian Federation (hereinafter - information security) - the state of the security of the personality, society and the states from internal and external information threats, in which the implementation of the constitutional rights and freedoms of a person and citizen, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;

d) ensuring information security - the implementation of interconnected legal, organizational, operational-search, intelligence, counterintelligence, scientific and technical, information and analytical, personnel, economic and other measures to predict, detecting, deterring, preventing, reflecting information threats and eliminating their consequences manifestations;

e) information security forces - government agencies, as well as units and officials of state bodies, local governments and organizations authorized to solve in accordance with the legislation of the Russian Federation to ensure information security;

e) information security tools - legal, organizational, technical and other means used by providing information security;

g) information security system - a set of information security forces carrying out coordinated and planned activities, and the means of providing information security;

h) Information infrastructure of the Russian Federation (hereinafter - information infrastructure) - a set of informatization facilities, information systems, sites in the Internet network and communication networks located in the Russian Federation, as well as in the territories under the jurisdiction of the Russian Federation or used on the basis of international treaties of the Russian Federation.

3. In this Doctrine, based on the analysis of basic information threats and assessing the state of information security, the strategic goals and main areas of providing information security are identified taking into account the strategic national priorities of the Russian Federation.

4. The legal basis of this doctrine is constituted by the Constitution of the Russian Federation, generally accepted principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.

5. This doctrine is a document of strategic planning in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by the Decree of the President of the Russian Federation of December 31, 2015 No. 683, as well as other strategic planning documents in the specified area.

6. This Doctrine is the basis for the formation of public policy and the development of public relations in the field of information security, as well as to develop measures to improve the system for providing information security.

II. National Interests in the Information Sphere

7. Information technologies have acquired a global transboundary nature and have become an integral part of all areas of personality, society and the state. Their effective application is a factor to accelerate the economic development of the state and the formation of the information society.

The information sphere plays an important role in ensuring the implementation of the Strategic National Priorities of the Russian Federation.

8. National interests in the information sphere are:

a) ensuring and protecting the constitutional rights and freedoms of a person and a citizen in terms of obtaining and using information, inviolability of privacy when using information technology, ensuring information support for democratic institutions, mechanisms for the interaction of the state and civil society, as well as the use of information technologies in the interests of saving cultural, historical and spiritual and moral values \u200b\u200bof the multinational people of the Russian Federation;

b) ensuring the sustainable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter referred to as the critical information infrastructure) and the unified telecommunication network of the Russian Federation, in peacetime, during the immediate threat of aggression and in wartime;

c) the development of information technology and electronic industry in the Russian Federation, as well as the improvement of the activities of industrial, scientific and scientific and technical organizations in the development, production and operation of information security tools, the provision of information security services;

d) bringing to the Russian and international community of reliable information on state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies in order to ensure the national security of the Russian Federation in the field of culture;

e) promoting the formation of a system of international information security aimed at countering threats to the use of information technologies in order to violate strategic stability, to strengthen the equal strategic partnership in the field of information security, as well as to protect the sovereignty of the Russian Federation in the information space.

9. The implementation of national interests in the information field is aimed at creating a safe environment of reliable information and sustainable on various types of infrastructure in order to ensure the constitutional rights and freedoms of a person and a citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.

III. Main information threats and status of information security

10. Expanding the applications of information technology, being a factor in the development of the economy and improving the functioning of public and state institutions, simultaneously generates new information threats.

The possibilities of cross-border turnover of information are increasingly used to achieve geopolitical, contrary to international law of military-political, as well as terrorist, extremist, criminal and other illegal goals to the detriment of international security and strategic stability.

At the same time, the practice of introducing information technologies without linking with the provision of information security significantly increases the likelihood of information threats.

11. One of the main negative factors affecting the state of information security is to build up a number of foreign countries of the capabilities of the information and technical impact on the information infrastructure for military purposes.

At the same time, the activities of organizations carrying out technical exploration against Russian state bodies, scientific organizations and enterprises of the defense and industrial complex increase.

12. The scale of the use of special services of individual states of the means of providing information and psychological exposure aimed at destabilizing the domestic political and social situation in various regions of the world and leading to the undermining sovereignty and violation of the territorial integrity of other states. Religious, ethnic, human rights and other organizations, as well as individual groups of citizens, are involved in this activity, while the possibilities of information technologies are widely used.

There is a tendency to increase the volume of materials containing biased assessment of the state policy of the Russian Federation in foreign media. Russian media is often exposed abroad of frank discrimination, the Russian journalists create obstacles to the implementation of their professional activities.

An informational impact on the population of Russia is increasing, primarily the youth, in order to blur the traditional Russian spiritual and moral values.

13. Various terrorist and extremist organizations are widely used by the mechanisms of information impact on the individual, group and public consciousness for the injection of interethnic and social tensions, inciting ethnic and religious hatred or hostility, promotion of extremist ideology, as well as attracting new supporters to the terrorist activities. Such organizations in illegal purposes are actively created by means of destructive impact on objects of critical information infrastructure.

14. The scope of computer crime is increasing, primarily in the credit and financial sector, the number of crimes related to the violation of the constitutional rights and freedoms of a person and a citizen, including in terms of the inviolability of privacy, personal and family secrets, in the processing of personal data using information technologies. At the same time, the methods, methods and means of committing such crimes are becoming more sophisticated.

15. The state of information security in the field of defense of the country is characterized by an increase in the use of individual states and organizations of information technologies for military and political purposes, including for the implementation of actions contrary to international law aimed at undermining sovereignty, political and social stability, territorial integrity of the Russian Federation and its allies and pose a threat to international peace, global and regional security.

16. The state of information security in the field of state and public safety is characterized by a constant increase in complexity, increasing the scale and growth of coordination of computer attacks on critical information infrastructure facilities, strengthening the intelligence activities of foreign countries against the Russian Federation, as well as increasing the threats to the application of information technologies in order to damage sovereignty, territorial integrity, political and social stability of the Russian Federation.

17. The state of information security in the economic sphere is characterized by an insufficient level of development of competitive information technologies and their use for the production of products and the provision of services. It remains a high level of dependence of the domestic industry from foreign information technologies in terms of electronic component base, software, computers and communications, which causes the dependence of the socio-economic development of the Russian Federation on the geopolitical interests of foreign countries.

18. The state of information security in the field of science, technology and education is characterized by insufficient effectiveness of scientific research aimed at creating promising information technologies, a low level of introduction of domestic developments and insufficient personnel security in the field of information security, as well as low awareness of citizens in providing personal information security. . At the same time, measures to ensure the safety of information infrastructure, including its integrity, availability and sustainable functioning, using domestic information technologies and domestic products often do not have a comprehensive basis.

19. The state of information security in the field of strategic stability and an equal strategic partnership is characterized by the desire of individual states to use technological superiority for dominance in the information space.

The current distribution between the resources countries necessary to ensure the safe and sustainable functioning of the Internet network does not allow implementing a joint fair, based on the principles of confidence in the management of them.

The lack of international legal norms regulating interstate relations in the information space, as well as mechanisms and procedures for their application that take into account the specifics of information technologies make it difficult to form a system of international information security aimed at achieving strategic stability and equal strategic partnership.

IV. Strategic objectives and main directions for providing information security

20. The strategic goal of providing information security in the field of defense of the country is to protect the vital interests of the individual, society and states from domestic and external threats related to the application of information technologies in the military-political purposes contrary to international law, including in order to implement hostile actions and acts of aggression aimed at undermining sovereignty, violation of the territorial integrity of states and pursuing the threat to international peace, security and strategic stability.

21. In accordance with the Military Policy of the Russian Federation, the main directions for providing information security in the field of defense of the country are:

a) strategic containment and preventing military conflicts that may arise as a result of the use of information technologies;

b) improving the information security system of the Armed Forces of the Russian Federation, other troops, military formations and bodies, including the forces and means of information confrontation;

c) forecasting, detection and evaluation of information threats, including the threats to the Armed Forces of the Russian Federation in the information sphere;

d) facilitating the protection of the interests of the allies of the Russian Federation in the information sphere;

e) neutralization of information and psychological impact, including aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.

22. The strategic objectives of ensuring information security in the field of state and public security are the protection of sovereignty, maintaining the political and social stability, territorial integrity of the Russian Federation, ensuring the fundamental rights and freedoms of a person and a citizen, as well as the protection of critical information infrastructure.

23. The main directions for providing information security in the field of state and public security are:

a) opposition to the use of information technologies to promote the extremist ideology, the spread of xenophobia, ideas of national exclusivity in order to undermine the sovereignty, political and social stability, a violent change in the constitutional system, violations of the territorial integrity of the Russian Federation;

b) stopping activities that cause damage to the national security of the Russian Federation, carried out using technical means and information technology by special services and organizations of foreign states, as well as individuals;

c) improving the protection of the critical information infrastructure and the sustainability of its functioning, the development of mechanisms for the detection and prevention of information threats and the elimination of the consequences of their manifestation, an increase in the protection of citizens and territories from the effects of emergency situations caused by the information and technical impact on objects of critical information infrastructure;

d) improving the safety of the functioning of information infrastructure facilities, including in order to ensure sustainable interaction of state bodies, preventing foreign control over the functioning of such facilities, ensuring the integrity, sustainability of the functioning and safety of the unified telecommunication network of the Russian Federation, as well as ensuring the safety of information transmitted by it and processed in information systems in the Russian Federation;

e) improving the safety of the functioning of samples of weapons, military and special equipment and automated control systems;

(e) Improving the effectiveness of the prevention of offenses committed using information technology and counteracting such offenses;

g) ensuring the protection of information containing information that make up state secrets, other information of limited access and distribution, including by increasing the security of relevant information technologies;

h) improvement of methods and methods of production and safe application of products, providing services based on information technologies using domestic developments that meet the requirements of information security;

i) increase the efficiency of information support for the implementation of state policy of the Russian Federation;

k) Neutralization of informational influence aimed at the erosion of traditional Russian spiritual and moral values.

24. The strategic objectives of ensuring information security in the economic sphere are the minimum possible level of influence of negative factors caused by the insufficient level of development of the domestic information technology and electronics and electronic industry, the development and production of competitive means of ensuring information security, as well as increasing the volume and quality of service provision in Information security areas.

25. The main directions for providing information security in the economic sphere are:

a) innovative development of the information technology and electronics industry, an increase in the share of the products of this industry in the gross domestic product, in the structure of the country's export;

b) eliminating the dependence of the domestic industry from foreign information technologies and information security tools through the creation, development and widespread introduction of domestic developments, as well as the production of products and the provision of services based on them;

c) improving the competitiveness of Russian companies operating in the information technology and electronics and electronics, development, production and operation of information security tools that provide services in the field of information security, including the creation of favorable conditions for activities in the territory of the Russian Federation ;

d) the development of a domestic competitive electronic component base and technologies for the production of electronic components, ensuring the needs of the domestic market in such products and the release of this product to the world market.

26. The strategic goal of providing information security in the field of science, technology and education is to support the innovative and accelerated development of the information security system, information technology and electronics industry.

27. The main directions for providing information security in the field of science, technology and education are:

a) achieving the competitiveness of Russian information technologies and the development of scientific and technical capacity in the field of information security;

b) the creation and implementation of information technologies originally resistant to different types of impact;

c) conducting scientific research and implementation of experienced developments in order to create promising information technologies and information security tools;

d) the development of personnel potential in the field of information security and the application of information technologies;

e) ensuring the security of citizens from information threats, including through the formation of a personal information security culture.

28. The strategic goal of providing information security in the field of strategic stability and equal strategic partnership is the formation of a sustainable system of non-conflict interstate relations in the information space.

29. The main directions for providing information security in the field of strategic stability and equal strategic partnership are:

a) the protection of the sovereignty of the Russian Federation in the information space through independent and independent policies aimed at implementing national interests in the information sphere;

b) participation in the formation of a system of international information security, which ensures effective opposition to the use of information technologies in military-political purposes, contrary to international law, as well as in terrorist, extremist, criminal and other illegal purposes;

c) the creation of international legal mechanisms that take into account the specifics of information technologies in order to prevent and resolve interstate conflicts in the information space;

d) Promotion as part of the activities of international organizations of the Russian Federation, providing for ensuring equal and mutually beneficial cooperation of all stakeholders in the information sphere;

e) Development of the National Management System of the Russian Segment of the Internet.

V. Organizational basics of information security

30. Information security system is part of the national security system of the Russian Federation.

Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of state bodies in cooperation with local self-government bodies, organizations and citizens.

31. Information security system is based on the delimitation of powers of legislative, executive and judicial authorities in this field, taking into account the subjects of the federal state authorities, the state authorities of the constituent entities of the Russian Federation, as well as local authorities determined by the legislation of the Russian Federation in the field of ensuring security.

32. The composition of the information security system is determined by the President of the Russian Federation.

33. The organizational basis of the information security system is: the Council of Federation of the Federal Assembly of the Russian Federation, the State Duma of the Federal Assembly of the Russian Federation, the Government of the Russian Federation, the Security Council of the Russian Federation, the federal executive authorities, the Central Bank of the Russian Federation, the Military Industrial Commission of the Russian Federation, Interdepartmental bodies created by the President of the Russian Federation and the Government of the Russian Federation, the executive authorities of the constituent entities of the Russian Federation, local governments, the bodies of the judiciary taking into account in accordance with the legislation of the Russian Federation participation in solving information security tasks.

Participants in the information security system are: the owners of objects of critical information infrastructure and organization operating such objects, media and mass communications, the organization of monetary, currency, banking and other fields of the financial market, telecom operators, information systems operators, organizations carrying out Activities for the creation and operation of information systems and communication networks, the development, production and operation of information security tools, to provide information security services, organizations engaged in educational activities in this field, public associations, other organizations and citizens who are According to the legislation of the Russian Federation, participate in solving information security tasks.

34. The activities of state security authorities are based on the following principles:

(a) The legality of public relations in the information sphere and the legal equality of all participants in such relations based on the constitutional law of citizens to freely look for, to receive, transmit, produce and disseminate information by any legitimate way;

b) the constructive interaction of state bodies, organizations and citizens in solving information security tasks;

c) compliance with the balance between the needs of citizens in the free exchange of information and restrictions related to the need to ensure national security, including in the information sphere;

d) the adequacy of forces and means of providing information security, as determined by the continuous monitoring of information threats;

e) compliance with generally accepted principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.

35. The objectives of state bodies within the framework of information security activities are:

a) ensuring the protection of the rights and legitimate interests of citizens and organizations in the information sphere;

b) assessment of the state of information security, forecasting and detecting information threats, the definition of priority directions to prevent and eliminate the consequences of their manifestation;

c) planning, implementation and evaluation of the effectiveness of a complex of information security measures;

d) organization of activity and coordination of the interaction of information security forces, the improvement of their legal, organizational, operational, intelligence, intelligence, counterintelligence, scientific and technical, information and analytical, personnel and economic support;

e) developing and implementing measures for state support of organizations engaged in the development, production and operation of information security tools to provide information security services, as well as organizations carrying out educational activities in this field.

36. The objectives of state bodies in the framework of the development and improvement of the information security system are:

a) strengthening the control vertical and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization objects, information systems and communication network operators;

b) improving the forms and methods for the interaction of information security forces in order to increase their readiness for countering information threats, including through regular training (exercises);

c) improving the information and analytical and scientific and technical aspects of the operation of the information security system;

d) improving the efficiency of interaction between state bodies, local governments, organizations and citizens in solving information security tasks.

37. The implementation of this doctrine is carried out on the basis of sectoral documents of strategic planning of the Russian Federation. In order to actualize such documents, the Security Council of the Russian Federation determines the list of priority areas for providing information security for the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.

38. The results of monitoring the implementation of this doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.

Overview of the document

A new doctrine of the information security of Russia was approved.

The strategic goals and main directions for providing information security are identified.

The main information threats are analyzed. An assessment of the state of information security is given.

It is noted that the practice of introducing information technologies without linking with the provision of information security significantly increases the likelihood of information threats.

The state of information security affects, in particular, the fact that some foreign countries increase the possibilities of information and technical impact on the information infrastructure for military purposes. The activities of organizations carrying out technical reconnaissance in relation to Russian government agencies, scientific organizations and OCP enterprises increase.

There is a tendency to increase in foreign media the volume of materials with a biased assessment of domestic gentlemen. Russian media are often exposed abroad of frank discrimination.

Various terrorist and extremist organizations widely use information impact mechanisms. The scale of computer crime is increasing.

The main directions of providing information security in the field of defense, state and public security, in the economic sphere, in the field of science, technology and education, strategic stability and equal strategic partnerships are given.

The composition of the information security system is determined by the President of the Russian Federation. The joints of Russia establishes a list of priority areas for providing information security for the medium term.

The results of monitoring the implementation of the doctrine are reflected in the annual report of the Secretary Secretary of the President of the Russian Federation.

The previous doctrine of the information security of Russia, approved in 2000, is recognized as invalid.

Decree enters into force from the date of its signing.

DOCTRINE

information security of the Russian Federation

I. General provisions

1. This doctrine is a system of formal views on ensuring the national security of the Russian Federation in the information sphere.
In this doctrine, under the information sphere, the combination of information, information systems, information systems, websites in the Internet information and telecommunications network (hereinafter referred to as the Internet network), communication networks, information technologies, subjects whose activities are related to the formation and processing of information , development and use of these technologies, information security, as well as a set of mechanisms for regulating relevant public relations.

2. In this doctrine, the following basic concepts are used:
(a) The national interests of the Russian Federation in the information sphere (hereinafter referred to as national interests in the information sphere) are objectively significant personal needs, society and state in ensuring their security and sustainable development in terms of information sphere;
b) the threat of information security of the Russian Federation (hereinafter - the information threat) is a set of actions and factors that create the danger of damage to national interests in the information sphere;
c) Information security of the Russian Federation (hereinafter - information security) - the state of the security of the personality, society and the states from internal and external information threats, in which the implementation of the constitutional rights and freedoms of a person and citizen, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state;
d) providing information security - the implementation of mutually related legal, organizational, operational, intelligence, intelligence, counterintelligence, scientific, information, analytical, personnel, economic and other measures to predict, detect, deterrence, prevent, reflect information threats and eliminating their consequences manifestations;
e) information security forces - government agencies, as well as units and officials of state bodies, local governments and organizations authorized to solve in accordance with the legislation of the Russian Federation to ensure information security;
e) information security tools - legal, organizational, technical and other means used by providing information security;
g) information security system - a set of information security forces carrying out coordinated and planned activities, and the means of providing information security;
h) Information infrastructure of the Russian Federation (hereinafter - information infrastructure) - a set of informatization facilities, information systems, sites in the Internet network and communication networks located in the Russian Federation, as well as in the territories under the jurisdiction of the Russian Federation or used on the basis international treaties of the Russian Federation.

3. In this Doctrine, based on the analysis of basic information threats and assessing the state of information security, the strategic goals and main areas of providing information security are identified taking into account the strategic national priorities of the Russian Federation.

4. The legal basis of this doctrine is constituted by the Constitution of the Russian Federation, generally accepted principles and norms of international law, international treaties of the Russian Federation, federal constitutional laws, federal laws, as well as regulatory legal acts of the President of the Russian Federation and the Government of the Russian Federation.

5. This doctrine is a document of strategic planning in the field of ensuring the national security of the Russian Federation, which develops the provisions of the National Security Strategy of the Russian Federation, approved by the Decree of the President of the Russian Federation of December 31, 2015 No. 683, as well as other strategic planning documents in the specified area.

6. This Doctrine is the basis for the formation of public policy and the development of public relations in the field of information security, as well as to develop measures to improve the system for providing information security.

II. National Interests in the Information Sphere

7. Information technologies have acquired a global transboundary nature and have become an integral part of all areas of personality, society and the state. Their effective application is a factor to accelerate the economic development of the state and the formation of the information society.
The information sphere plays an important role in ensuring the implementation of the Strategic National Priorities of the Russian Federation.

8. National interests in the information sphere are:
a) ensuring and protecting the constitutional rights and freedoms of a person and a citizen in terms of obtaining and using information, inviolability of privacy when using information technology, ensuring information support for democratic institutions, mechanisms for the interaction of the state and civil society, as well as the use of information technologies in the interests of saving cultural, historical and spiritual and moral values \u200b\u200bof the multinational people of the Russian Federation;
b) ensuring the sustainable and uninterrupted functioning of the information infrastructure, primarily the critical information infrastructure of the Russian Federation (hereinafter referred to as the critical information infrastructure) and the unified telecommunication network of the Russian Federation, in peacetime, during the immediate threat of aggression and in wartime;
c) the development of information technology and electronic industry in the Russian Federation, as well as the improvement of the activities of industrial, scientific and scientific and technical organizations in the development, production and operation of information security tools, the provision of information security services;
d) bringing to the Russian and international community of reliable information on state policy of the Russian Federation and its official position on socially significant events in the country and the world, the use of information technologies in order to ensure the national security of the Russian Federation in the field of culture;
e) promoting the formation of a system of international information security aimed at countering threats to the use of information technologies in order to violate strategic stability, to strengthen the equal strategic partnership in the field of information security, as well as to protect the sovereignty of the Russian Federation in the information space.

9. The implementation of national interests in the information field is aimed at creating a safe environment of reliable information and sustainable on various types of infrastructure in order to ensure the constitutional rights and freedoms of a person and a citizen, the stable socio-economic development of the country, as well as the national security of the Russian Federation.

III. Main information threats and status of information security

10. Expanding the applications of information technology, being a factor in the development of the economy and improving the functioning of public and state institutions, simultaneously generates new information threats.
The possibilities of cross-border turnover of information are increasingly used to achieve geopolitical, contrary to international law of military-political, as well as terrorist, extremist, criminal and other illegal goals to the detriment of international security and strategic stability.
At the same time, the practice of introducing information technologies without linking with the provision of information security significantly increases the likelihood of information threats.

11. One of the main negative factors affecting the state of information security is to build up a number of foreign countries of the capabilities of the information and technical impact on the information infrastructure for military purposes.
At the same time, the activities of organizations carrying out technical exploration against Russian state bodies, scientific organizations and enterprises of the defense and industrial complex increase.

12. The scale of the use of special services of individual states of the means of providing information and psychological exposure aimed at destabilizing the domestic political and social situation in various regions of the world and leading to the undermining sovereignty and violation of the territorial integrity of other states. Religious, ethnic, human rights and other organizations, as well as individual groups of citizens, are involved in this activity, while the possibilities of information technologies are widely used.
There is a tendency to increase the volume of materials containing biased assessment of the state policy of the Russian Federation in foreign media.
Russian media is often exposed abroad of frank discrimination, the Russian journalists create obstacles to the implementation of their professional activities.
An informational impact on the population of Russia is increasing, primarily the youth, in order to blur the traditional Russian spiritual and moral values.

13. Various terrorist and extremist organizations are widely used by the mechanisms of information impact on the individual, group and public consciousness for the injection of interethnic and social tensions, inciting ethnic and religious hatred or hostility, promotion of extremist ideology, as well as attracting new supporters to the terrorist activities. Such organizations in illegal purposes are actively created by means of destructive impact on objects of critical information infrastructure.

14. The scope of computer crime is increasing, primarily in the credit and financial sector, the number of crimes related to the violation of the constitutional rights and freedoms of a person and a citizen, including in terms of the inviolability of privacy, personal and family secrets, in the processing of personal data using information technologies. At the same time, the methods, methods and means of committing such crimes are becoming more sophisticated.

15. The state of information security in the field of defense of the country is characterized by an increase in the use of individual states and organizations of information technologies for military and political purposes, including for the implementation of actions contrary to international law aimed at undermining sovereignty, political and social stability, territorial integrity of the Russian Federation and its allies and pose a threat to international peace, global and regional security.

16. The state of information security in the field of state and public safety is characterized by a constant increase in complexity, increasing the scale and growth of coordination of computer attacks on critical information infrastructure facilities, strengthening the intelligence activities of foreign countries against the Russian Federation, as well as increasing the threats to the application of information technologies in order to damage sovereignty, territorial integrity, political and social stability of the Russian Federation.

17. The state of information security in the economic sphere is characterized by an insufficient level of development of competitive information technologies and their use for the production of products and the provision of services. It remains a high level of dependence of the domestic industry from foreign information technologies in terms of electronic component base, software, computers and communications, which causes the dependence of the socio-economic development of the Russian Federation on the geopolitical interests of foreign countries.

18. The state of information security in the field of science, technology and education is characterized by insufficient effectiveness of scientific research aimed at creating promising information technologies, a low level of introduction of domestic developments and insufficient personnel security in the field of information security, as well as low awareness of citizens in providing personal information security. . At the same time, measures to ensure the safety of information infrastructure, including its integrity, availability and sustainable functioning, using domestic information technologies and domestic products often do not have a comprehensive basis.

19. The state of information security in the field of strategic stability and an equal strategic partnership is characterized by the desire of individual states to use technological superiority for dominance in the information space.
The current distribution between the resources countries necessary to ensure the safe and sustainable operation of the Internet network does not allow to implement a joint fair, based on the principles of confidence in the management of them.
The lack of international legal norms regulating interstate relations in the information space, as well as mechanisms and procedures for their application that take into account the specifics of information technologies make it difficult to form a system of international information security aimed at achieving strategic stability and equal strategic partnership.

IV. Strategic objectives and main directions for providing information security

20. The strategic goal of providing information security in the field of defense of the country is to protect the vital interests of the individual, society and states from domestic and external threats related to the application of information technologies in the military-political purposes contrary to international law, including in order to implement hostile actions and acts of aggression aimed at undermining sovereignty, violation of the territorial integrity of states and pursuing the threat to international peace, security and strategic stability.

21. In accordance with the Military Policy of the Russian Federation, the main directions for providing information security in the field of defense of the country are:
a) strategic containment and preventing military conflicts that may arise as a result of the use of information technologies;
b) improving the information security system of the Armed Forces of the Russian Federation, other troops, military formations and bodies, including the forces and means of information confrontation;
c) forecasting, detection and evaluation of information threats, including the threats to the Armed Forces of the Russian Federation in the information sphere;
d) facilitating the protection of the interests of the allies of the Russian Federation in the information sphere;
e) neutralization of information and psychological impact, including aimed at undermining the historical foundations and patriotic traditions associated with the defense of the Fatherland.

22. The strategic objectives of ensuring information security in the field of state and public security are the protection of sovereignty, maintaining the political and social stability, territorial integrity of the Russian Federation, ensuring the fundamental rights and freedoms of a person and a citizen, as well as the protection of critical information infrastructure.

23. The main directions for providing information security in the field of state and public security are:
a) opposition to the use of information technologies to promote the extremist ideology, the spread of xenophobia, ideas of national exclusivity in order to undermine the sovereignty, political and social stability, a violent change in the constitutional system, violations of the territorial integrity of the Russian Federation;
b) stopping activities that cause damage to the national security of the Russian Federation, carried out using technical means and information technology by special services and organizations of foreign states, as well as individuals;
c) improving the protection of the critical information infrastructure and the sustainability of its functioning, the development of mechanisms for the detection and prevention of information threats and the elimination of the consequences of their manifestation, an increase in the protection of citizens and territories from the effects of emergency situations caused by the information and technical impact on objects of critical information infrastructure;
d) improving the safety of the functioning of information infrastructure facilities, including in order to ensure sustainable interaction of state bodies, preventing foreign control over the functioning of such facilities, ensuring the integrity, sustainability of the functioning and safety of the unified telecommunication network of the Russian Federation, as well as ensuring the safety of information transmitted by it and processed in information systems in the Russian Federation;
e) improving the safety of the functioning of samples of weapons, military and special equipment and automated control systems;
(e) Improving the effectiveness of the prevention of offenses committed using information technology and counteracting such offenses;
g) ensuring the protection of information containing information that make up state secrets, other information of limited access and distribution, including by increasing the security of relevant information technologies;
h) improvement of methods and methods of production and safe application of products, providing services based on information technologies using domestic developments that meet the requirements of information security;
i) increase the efficiency of information support for the implementation of state policy of the Russian Federation;
K) Neutralization of informational influence aimed at the erosion of traditional Russian spiritual and moral values.

24. The strategic objectives of ensuring information security in the economic sphere are the minimum possible level of influence of negative factors caused by the insufficient level of development of the domestic information technology and electronics and electronic industry, the development and production of competitive means of ensuring information security, as well as increasing the volume and quality of service provision in Information security areas.

25. The main directions for providing information security in the economic sphere are:
a) innovative development of the information technology and electronics industry, an increase in the share of products of this industry in the gross domestic product, b in the structure of the country's export;
b) eliminating the dependence of the domestic industry from foreign information technologies and information security tools through the creation, development and widespread introduction of domestic developments, as well as the production of products and the provision of services based on them;
c) improving the competitiveness of Russian companies operating in the information technology and electronics and electronics, development, production and operation of information security tools that provide services to information security services, including by creating favorable conditions for the activities of the Russian Federation ;
d) the development of a domestic competitive electronic component base and technologies for the production of electronic components, ensuring the needs of the domestic market in such products and the release of this product to the world market.

26. The strategic goal of providing information security B of science, technology and education is to support the innovative and accelerated development of the information security system, the information technology and electronics industry.

27. The main directions for providing information security in the field of science, technology and education are:
a) achieving the competitiveness of Russian information technologies and the development of scientific and technical capacity in the field of information security;
b) the creation and implementation of information technologies originally resistant to different types of impact;
c) conducting scientific research and implementation of experienced developments in order to create promising information technologies and information security tools;
d) the development of personnel potential in the field of information security and the application of information technologies;
e) ensuring the security of citizens from information threats, including through the formation of a personal information security culture.

28. The strategic goal of providing information security B of strategic stability and an equal strategic partnership is to form a sustainable system of non-conflict interstate relations in the information space.

29. The main directions for providing information security in the field of strategic stability and equal strategic partnership are:
a) the protection of the sovereignty of the Russian Federation in the information space through independent and independent policies aimed at implementing national interests in the information sphere;
b) participation in the formation of a system of international information security, which ensures effective opposition to the use of information technologies in military-political purposes, contrary to international law, as well as in terrorist, extremist, criminal and other illegal purposes;
c) the creation of international legal mechanisms that take into account the specifics of information technologies in order to prevent and resolve interstate conflicts in the information space;
d) Promotion as part of the activities of international organizations of the Russian Federation, providing for ensuring equal and mutually beneficial cooperation of all stakeholders in the information sphere;
e) Development of the National Management System of the Russian Segment of the Internet.

V. Organizational basics of information security

30. Information security system is part of the national security system of the Russian Federation.
Ensuring information security is carried out on the basis of a combination of legislative, law enforcement, law enforcement, judicial, control and other forms of state bodies in cooperation with local self-government bodies, organizations and citizens.

31. Information security system is based on the delimitation of powers of legislative, executive and judicial authorities in this field, taking into account the subjects of the federal state authorities, the state authorities of the constituent entities of the Russian Federation, as well as local authorities determined by the legislation of the Russian Federation in the field of ensuring security.

32. The composition of the information security system is determined by the President of the Russian Federation.

33. The organizational basis of the information security system is: the Council of Federation of the Federal Assembly of the Russian Federation, the State Duma of the Federal Assembly of the Russian Federation, the Government of the Russian Federation, the Security Council of the Russian Federation, the federal executive authorities, the Central Bank of the Russian Federation, the Military Industrial Commission of the Russian Federation, Interdepartmental bodies created by the President of the Russian Federation and the Government of the Russian Federation, the executive authorities of the constituent entities of the Russian Federation, local governments, the bodies of the judiciary taking into account in accordance with the legislation of the Russian Federation participation in solving information security tasks.
Participants in the information security system are: the owners of objects of critical information infrastructure and organization operating such objects, media and mass communications, the organization of monetary, currency, banking and other fields of the financial market, telecom operators, information systems operators, organizations carrying out Activities for the creation and operation of information systems and communication networks, the development, production and operation of information security tools, to provide information security services, organizations engaged in educational activities in this field, public associations, other organizations and citizens who are According to the legislation of the Russian Federation, participate in solving information security tasks.

34. The activities of state security authorities are based on the following principles:
(a) The legality of public relations in the information sphere and the legal equality of all participants in such relations based on the constitutional law of citizens to freely look for, to receive, transmit, produce and disseminate information by any legitimate way;
b) the constructive interaction of state bodies, organizations and citizens in solving information security tasks;
c) compliance with the balance between the needs of citizens in the free exchange of information and restrictions related to the need to ensure national security, including in the information sphere;
d) the adequacy of forces and means of providing information security, as determined by the continuous monitoring of information threats;
e) compliance with generally accepted principles and norms of international law, international treaties of the Russian Federation, as well as the legislation of the Russian Federation.

35. The objectives of state bodies within the framework of information security activities are:
a) ensuring the protection of the rights and legitimate interests of citizens and organizations in the information sphere;
b) assessment of the state of information security, forecasting and detecting information threats, the definition of priority directions to prevent and eliminate the consequences of their manifestation;
c) planning, implementation and evaluation of the effectiveness of a complex of information security measures;
d) organization of activity and coordination of the interaction of information security forces, the improvement of their legal, organizational, operational, intelligence, intelligence, counterintelligence, scientific and technical, information and analytical, personnel and economic support;
e) developing and implementing measures for state support of organizations engaged in the development, production and operation of information security tools to provide information security services, as well as organizations carrying out educational activities in this field.

36. The objectives of state bodies in the framework of the development and improvement of the information security system are:
a) strengthening the control vertical and centralization of information security forces at the federal, interregional, regional, municipal levels, as well as at the level of informatization objects, information systems and communication network operators;
b) improving the forms and methods for the interaction of information security forces in order to increase their readiness for countering information threats, including through regular training (exercises);
c) improving the information and analytical and scientific and technical aspects of the operation of the information security system;
d) improving the efficiency of interaction between state bodies, local governments, organizations and citizens in solving information security tasks.

37. The implementation of this doctrine is carried out on the basis of sectoral documents of strategic planning of the Russian Federation. In order to actualize such documents, the Security Council of the Russian Federation determines the list of priority areas for providing information security for the medium term, taking into account the provisions of the strategic forecast of the Russian Federation.

38. The results of monitoring the implementation of this doctrine are reflected in the annual report of the Secretary of the Security Council of the Russian Federation to the President of the Russian Federation on the state of national security and measures to strengthen it.