Doctrine of Information Security of the Russian Federation
December 2016
Strategies and Action Plans
The Doctrine of Information Security of the Russian Federation, approved by Presidential Decree No. 646 on 5 December 2016, represents the official strategic vision and guidelines for protecting Russia’s national security in the information domain.
Key Elements of the Doctrine
I. General Provisions
- Purpose and Scope:
- The doctrine outlines Russia’s official views on ensuring national security in the information sphere.
- The information sphere includes information itself, informatisation objects, information systems, websites on the Internet, communication networks, information technologies, and entities engaged in information formation and processing.
- Definitions:
- National Interests in the Information Sphere: Essential needs of individuals, society, and the state for protection and sustainable development in the information domain.
- Information Threats: Actions and factors posing dangers to national interests in the information sphere.
- Information Security: The state of protection against internal and external information threats, ensuring constitutional rights and freedoms, quality of life, sovereignty, territorial integrity, and sustainable socio-economic development.
II. National Interests in the Information Sphere
- Critical Components:
- Protection of constitutional rights and freedoms related to information access and privacy.
- Stable and continuous operation of critical information infrastructure.
- Development of the domestic IT sector and electronic industry.
- Dissemination of accurate information about Russia’s state policies domestically and internationally.
- Contribution to forming a global information security system that counteracts the misuse of information technologies.
III. Main Information Threats
- Expansion of Information Technology Usage:
- The global, cross-border nature of information technologies has become integral to personal, societal, and governmental activities, but also introduces new threats.
- Transnational information flows are increasingly exploited for geopolitical, military-political, terrorist, extremist, and criminal purposes.
- Specific Threats:
- Foreign Information-Technical Influence: Enhancement of foreign states’ capabilities to impact Russia’s information infrastructure.
- Technical Intelligence Activities: Intensified efforts by foreign organisations to gather intelligence on Russian state bodies, scientific organisations, and defense industries.
- Information-Psychological Influence: Use of information technologies to destabilise domestic political and social situations, involving various organisations and groups.
- Media Manipulation: Biased reporting by foreign media and discrimination against Russian media abroad.
- Cybercrime and Data Privacy: Increase in computer crimes, especially in the financial sector, and violations of constitutional rights related to personal data protection.
IV. Strategic Goals and Main Directions
- Defense:
- Strategic Deterrence: Preventing military conflicts arising from information technology usage.
- Improving Military Information Security: Enhancing the security system of the Russian Armed Forces and other military formations.
- Threat Detection and Neutralisation: Forecasting, identifying, and assessing information threats.
- Allies’ Protection: Supporting the information security interests of Russia’s allies.
- Psychological Defense: Counteracting information-psychological impacts that undermine historical and patriotic traditions.
- State and Public Security:
- Sovereignty Protection: Safeguarding political and social stability, territorial integrity, and critical infrastructure.
- Countering Extremism and Propaganda: Opposing the use of information technologies for extremist propaganda and destabilising activities.
- Infrastructure Security: Ensuring the security and resilience of critical information infrastructure.
- Privacy Protection: Enhancing the protection of state secrets and sensitive information.
- Economic Security:
- Reducing Dependence: Decreasing reliance on foreign information technologies and developing domestic capabilities.
- IT and Electronics Industry Development: Promoting innovation and competitiveness in Russia’s IT and electronics sectors.
- Market Presence: Increasing the domestic and international market presence of Russian IT products.
- Science, Technology, and Education:
- Innovative Development: Supporting the rapid development of information security systems and technologies.
- Research and Development: Conducting scientific research and experimental development for advanced information technologies.
- Human Resources Development: Enhancing educational programs and training for information security professionals.
- Public Awareness: Raising public awareness on personal information security.
- International Cooperation:
- Strategic Stability: Promoting peaceful international relations in the information space.
- Legal Frameworks: Establishing international legal mechanisms to prevent and resolve conflicts in the information domain.
- Global Partnerships: Strengthening strategic partnerships in information security and advocating for equitable management of the Internet and information resources.
V. Organisational Foundations
- System Structure:
- The information security system is part of Russia’s broader national security system.
- It involves legislative, enforcement, judicial, and other forms of state activities in coordination with local self-governance, organisations, and citizens.
- Roles and Responsibilities:
- The doctrine specifies the roles of various state bodies and organisations in ensuring information security.
- Coordination and Interaction: Effective coordination among state bodies, local authorities, organisations, and citizens is crucial.
- Monitoring and Evaluation: Continuous monitoring of information threats and evaluating the effectiveness of security measures.
- Implementation and Reporting:
- The doctrine is implemented through sector-specific strategic planning documents.
- The Security Council of the Russian Federation identifies priority areas for medium-term information security.
- Annual reports on the state of national security and measures for its enhancement are presented to the President.