(by Alessandro Rugolo) The 5 December 2016, with the decree n. 646 signed by the President of the Russian Federation, the Cyber doctrine of Russia is renewed. Previously, in the 2011, Russia had adhered to the United Nations International Information Security Convention but did not have its own doctrine. The reading of the document is quite simple, being a text of only 38 articles generally based on a single paragraph.
In the general part, in particular in article 1, the purpose of the document is made explicit: "to ensure the national security of the Russian Federation in the sphere of information" where, by the latter, we mean a set of "information, objectives information systems, information systems and websites within the computer and telecommunications network called the Internet, communication networks, information technologies, entities involved in the creation and processing, development or use of information and information technologies, information security bodies and the mechanisms that regulate public relations on the subject. "
Article 2 continues by defining the concepts that will be used within the document, starting with the definition of national interests, the threat to national information security, information security, forces, means and systems used in information security, the system of information security, up to the information infrastructures of the Russian Federation.
Article 3 establishes that based on the analysis of the state of security and the main threats to information and in consideration of the strategic priorities of the Federation, the doctrine defines the strategic objectives to be achieved.
Article 4 dictates the legal bases on which the doctrine is based, namely the Russian Constitution, the norms of international law and international treaties, federal constitutional laws, federal laws as well as the acts of the president and the government.
Article 5 defines decree 646 as a strategic planning document based on the security strategy of the Russian Federation, issued with decree no.683 of 31 December 2015.
In the second part, in particular in Article 8, national interests in the sphere of information are defined.
The first paragraph states that the Russian Federation must ensure and protect constitutional human and civil rights and the freedom regarding the reception and use of information; privacy, in the use of information technologies, providing information support to democratic institutions and mechanisms of interaction between the state and civil society; use information technologies to preserve the values of the culture, history, spirituality and morals of the multi-ethnic population of the Russian Federation.
The second paragraph discusses the importance of keeping the critical infrastructures and the integrated telecommunications network of the Russian Federation operational. Then comes the need to support the development of information technologies and information security. The article concludes with the indication that the Russian Federation wishes to collaborate in maintaining a secure international information environment, together with all international partners.
With the 11 and 12 articles we introduce one of the main problems, namely the fact that many foreign countries are developing their information technology and intelligence capabilities for military purposes, to be used to influence the world.
Article 14 introduces the concept of cybercrime.
Article 17 speaks instead of the dependence of the Russian Federation on foreign powers, in the field of information technologies and the production of high-tech components.
Chapter IV of the decree begins with article 20, where the strategic objectives and key areas related to the need to ensure IT security in the field of national defense are listed and analyzed.
Article 21 identifies five key areas:
- ensure strategic deterrence and prevent military conflicts that could be conducted through the use of information technologies;
-Improve the information security system of the armed forces of the Russian Federation;
- to predict, identify and censor information threats, including threats to the Federation Armed Forces in the information sphere;
-promote the interests of the allies of the Russian Federation in the information sphere;
to counter information and psychological actions that undermine the historical foundations and patriotic traditions related to the defense of the homeland.
Article 22 continues by presenting the strategic objectives for ensuring information security for the State and for public security, namely: the protection of sovereignty, the maintenance of social and political stability, the maintenance of the territorial integrity of the Federation, the human and civil rights and freedoms, as well as the protection of critical infrastructures.
I do not proceed to examine the remaining individual articles of Chapter IV as they are very easy to read. Articles 26 and 27 deserve only a separate mention, which specifically refer to the strategic objective of guaranteeing information security in the scientific, technological and educational fields, also by supporting the innovative and rapid development of the security of information systems, information and electronics sector.
The goals to be achieved include the development of research and the skills of personnel in the field of information security and the use of information technologies.
The detailed examination of the document shows how much the Russian Federation is interested in the subject.
Having detailed the objectives to be achieved by analyzing the individual sectors of interest and the definition of the document itself as a "strategic planning" document and not a mere list of wishes, combined with the fact that Article 38 defines the need to submit by monitoring the results achieved annually, it clearly suggests that the relevant provisions must be pursued decisively.
It would be interesting to verify which and how much financial resources are destined to the realization of the strategic plan outlined but in the document we do not talk about it.