Doctrine of Information Security of the Russian Federation

December 2016

Strategies and Action Plans

The Doctrine of Information Security of the Russian Federation, approved by Presidential Decree No. 646 on 5 December 2016, represents the official strategic vision and guidelines for protecting Russia’s national security in the information domain.

Key Elements of the Doctrine

I. General Provisions

  1. Purpose and Scope:
    • The doctrine outlines Russia’s official views on ensuring national security in the information sphere.
    • The information sphere includes information itself, informatisation objects, information systems, websites on the Internet, communication networks, information technologies, and entities engaged in information formation and processing.
  2. Definitions:
    • National Interests in the Information Sphere: Essential needs of individuals, society, and the state for protection and sustainable development in the information domain.
    • Information Threats: Actions and factors posing dangers to national interests in the information sphere.
    • Information Security: The state of protection against internal and external information threats, ensuring constitutional rights and freedoms, quality of life, sovereignty, territorial integrity, and sustainable socio-economic development.

II. National Interests in the Information Sphere

  1. Critical Components:
    • Protection of constitutional rights and freedoms related to information access and privacy.
    • Stable and continuous operation of critical information infrastructure.
    • Development of the domestic IT sector and electronic industry.
    • Dissemination of accurate information about Russia’s state policies domestically and internationally.
    • Contribution to forming a global information security system that counteracts the misuse of information technologies.

III. Main Information Threats

  1. Expansion of Information Technology Usage:
    • The global, cross-border nature of information technologies has become integral to personal, societal, and governmental activities, but also introduces new threats.
    • Transnational information flows are increasingly exploited for geopolitical, military-political, terrorist, extremist, and criminal purposes.
  2. Specific Threats:
    • Foreign Information-Technical Influence: Enhancement of foreign states’ capabilities to impact Russia’s information infrastructure.
    • Technical Intelligence Activities: Intensified efforts by foreign organisations to gather intelligence on Russian state bodies, scientific organisations, and defense industries.
    • Information-Psychological Influence: Use of information technologies to destabilise domestic political and social situations, involving various organisations and groups.
    • Media Manipulation: Biased reporting by foreign media and discrimination against Russian media abroad.
    • Cybercrime and Data Privacy: Increase in computer crimes, especially in the financial sector, and violations of constitutional rights related to personal data protection.

IV. Strategic Goals and Main Directions

  1. Defense:
    • Strategic Deterrence: Preventing military conflicts arising from information technology usage.
    • Improving Military Information Security: Enhancing the security system of the Russian Armed Forces and other military formations.
    • Threat Detection and Neutralisation: Forecasting, identifying, and assessing information threats.
    • Allies’ Protection: Supporting the information security interests of Russia’s allies.
    • Psychological Defense: Counteracting information-psychological impacts that undermine historical and patriotic traditions.
  2. State and Public Security:
    • Sovereignty Protection: Safeguarding political and social stability, territorial integrity, and critical infrastructure.
    • Countering Extremism and Propaganda: Opposing the use of information technologies for extremist propaganda and destabilising activities.
    • Infrastructure Security: Ensuring the security and resilience of critical information infrastructure.
    • Privacy Protection: Enhancing the protection of state secrets and sensitive information.
  3. Economic Security:
    • Reducing Dependence: Decreasing reliance on foreign information technologies and developing domestic capabilities.
    • IT and Electronics Industry Development: Promoting innovation and competitiveness in Russia’s IT and electronics sectors.
    • Market Presence: Increasing the domestic and international market presence of Russian IT products.
  4. Science, Technology, and Education:
    • Innovative Development: Supporting the rapid development of information security systems and technologies.
    • Research and Development: Conducting scientific research and experimental development for advanced information technologies.
    • Human Resources Development: Enhancing educational programs and training for information security professionals.
    • Public Awareness: Raising public awareness on personal information security.
  5. International Cooperation:
    • Strategic Stability: Promoting peaceful international relations in the information space.
    • Legal Frameworks: Establishing international legal mechanisms to prevent and resolve conflicts in the information domain.
    • Global Partnerships: Strengthening strategic partnerships in information security and advocating for equitable management of the Internet and information resources.

V. Organisational Foundations

  1. System Structure:
    • The information security system is part of Russia’s broader national security system.
    • It involves legislative, enforcement, judicial, and other forms of state activities in coordination with local self-governance, organisations, and citizens.
  2. Roles and Responsibilities:
    • The doctrine specifies the roles of various state bodies and organisations in ensuring information security.
    • Coordination and Interaction: Effective coordination among state bodies, local authorities, organisations, and citizens is crucial.
    • Monitoring and Evaluation: Continuous monitoring of information threats and evaluating the effectiveness of security measures.
  3. Implementation and Reporting:
    • The doctrine is implemented through sector-specific strategic planning documents.
    • The Security Council of the Russian Federation identifies priority areas for medium-term information security.
    • Annual reports on the state of national security and measures for its enhancement are presented to the President.