Ensuring the security of critical information infrastructure: the powers of the federal government bodies of the Russian Federation

2019 ◽  
Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva
Keyword(s):  
Information Security ◽  
Federal Government ◽  
Russian Federation ◽  
Legal Status ◽  
Information Infrastructure ◽  
Critical Information ◽  
Security Service ◽  
Presidential Decree ◽  
Computer Attacks ◽  
The Russian Federation

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.

scholarly journals ON THE FORMATION OF LEGAL AND SCIENTIFIC BASES OF ENSURING THE SAFETY OF CRITICAL INFORMATION INFRASTRUCTURE OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 29 (5) ◽  
pp. 644-654
Author(s):  
N.M. Kurbatov
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Critical Infrastructure ◽  
Information Infrastructure ◽  
Significant Information ◽  
Critical Information ◽  
Foreign Countries ◽  
History Of ◽  
The Russian Federation ◽  
Definition Of

The concept of critical information infrastructure is analyzed. The history of its formation and consolidation in the legal space of Russian legislation is considered. The article studies the experience of foreign countries in the field of ensuring information security in general and protecting critical infrastructure in particular. The relevance of the chosen topic is due to the course taken by the Russian Federation for the development of the information society in the country, as well as the need to protect significant information systems and resources of state authorities. The author of the article reveals the terms included in the definition of critical information infrastructure, enshrined in the legislation of the Russian Federation. In conclusion, the main problems of the considered regulatory legal acts are highlighted, recommendations are given on the further development of the information security system of critical infrastructure.

scholarly journals FEATURES OF INTELLIGENT INFORMATION SECURITY MANAGEMENT SYSTEMS FOR CRITICAL INFORMATION INFRASTRUCTURE OBJECTS

2020 ◽  
Vol 6 (2) ◽  
pp. 99-104
Author(s):  
Valeria A. Tabakaeva ◽  
Igor N. Karmanov ◽  
Vladimir R. An
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Intelligent Systems ◽  
Information Technologies ◽  
Information Infrastructure ◽  
Management Systems ◽  
Information Security Management ◽  
Critical Information ◽  
The Russian Federation ◽  
Intelligent Information

The article discusses the problem of using intelligent systems in managing information security of critical information infrastructure objects. Currently, the development of information technologies reached the point of transition to widespread use of various intelligent systems. At the same time, their application is also noted in the sphere of ensuring the security of significant objects of critical information infrastructure of the Russian Federation. Cybersecurity parameter management systems have a special place as fundamental elements for ensuring security during operation, as well as responding to external and internal incidents with the required efficiency and speed. In the course of the research, we select ways to solve such problems as choosing a threat model and protection system architecture for an object of critical information infrastructure of the Russian Federation.

scholarly journals CRIMINAL LEGAL ENSURING OF SECURITY OF CRITICAL INFORMATION INFRASTRUCTURE OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 8 (6) ◽  
Author(s):  
Ildar R. Begishev ◽  
Zarina I. Khisamova ◽  
Guzel I. Mazitova
Keyword(s):  
Russian Federation ◽  
Economic Activity ◽  
Information Infrastructure ◽  
Federal State ◽  
Federal Law ◽  
Critical Information ◽  
Computer Attacks ◽  
Training Courses ◽  
The Russian Federation ◽  
Insurance Mechanism

The article considers the problems associated with the development of new state approaches to ensure the security of critical information infrastructure (hereinafter - the CII) in the context of the existence of threats to their information security, including computer attacks in its regard. We analyzed the main provisions of the Federal Law No. 187-FZ dated July 26, 2017 “On the Safety of the CII of the Russian Federation”.We disclosed the content and essence of the concept of “security of the CII”. It is justified that the security of the CII shall be based on the principles and methodology of ensuring national security. We have developed proposals to classify part of the subjects of economic activity as the CII subjects, as well as offered some additional mechanisms to increase the security of the CII. We proposed to develop and implement: the federal state standard of higher education in the direction of “safety of the CII”; retraining and advanced training courses in the direction of “safety of the CII”; a mechanism for improving the qualifications of officials of the CII subjects on various issues of ensuring its security; security insurance mechanism for the CCI; a mechanism for organizing international, all-Russian, regional and sectoral cyber orders at the CII objects. It has been established that the security of the CII directly depends on the correctness of decision-making in countering computer attacks, the speed and effectiveness of the actions of their entities. It is proved that the criminal law norm on liability for unlawful influence on the CII of the Russian Federation shall be changed

INTERSUBJECTIVE INTERACTION AS A SOURCE OF DESTRUCTIVE INFLUENCES ON THE SUBJECT OF CRITICAL INFORMATION INFRASTRUCTURE

2021 ◽  
Vol 54 (2) ◽  
pp. 71-80
Author(s):  
MAKSIMOVA ELENA A. ◽  
◽  
SADOVNIKOVA NATALYA P. ◽  
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Information Infrastructure ◽  
Destructive Effect ◽  
Methodological Basis ◽  
Critical Information ◽  
The Subject ◽  
The Russian Federation ◽  
Methodological Assessment ◽  
The Stability

With the introduction of No. 187-FL in 2017, new priorities have been identified in the Russian Federation at the level of ensuring the stability and information security of society and the state as a whole. The issues of the security of the functioning of the subjects of the critical information infrastructure (CII) are identified as priorities. However, regulatory legal acts introduced on this issue are considered without a methodological assessment of intersubjective interaction at the level of the CII. At the same time, not taking this factor into account when building a security system at CII facilities reduces its effectiveness, brings a destructive effect to the system and can be considered as a vulnerability at the infrastructure level. In this article, the elements of the methodological basis for considering intersubjective interaction as a source of destructive influence on the subject of critical information infrastructure are proposed. The result of the analysis of the types of intersubjective relationships within the areas of functioning of the CII.

scholarly journals State council in the light of the 2020 constitutional reforms

2021 ◽  
Vol 39 (3) ◽  
pp. 52-55
Author(s):  
P. R. Magomedova ◽  
Keyword(s):  
Russian Federation ◽  
Legal Status ◽  
The State ◽  
State Council ◽  
Federal Law ◽  
Public Power ◽  
Advisory Body ◽  
Constitutional Reforms ◽  
Presidential Decree ◽  
The Russian Federation

The article analyzes the prerequisites for changing the legal status of the State Council of the Russian Federation, analyzes the Federal Law "On the State Council of the Russian Federation" dated December 8, 2020 No. 394-FZ and studies the changes that came into force in the light of the constitutional reforms of 2020. According to this Law, the State Council of the Russian Federation should become a real mechanism of public power in Russia, while remaining an advisory body and a platform for coordinating the interests of the regions and the center. The author conducted a comparative analysis of the State Council, which acted in accordance with the Presidential Decree of 2000, and the law adopted in 2020. Based on the conducted research, the author concludes that the amendments to the Constitution of the Russian Federation adopted in 2020 are timely and necessary in order to restore the existing government.

scholarly journals ASSESSMENT OF COMPLIANCE OF INFORMATION SECURITY MEANS ON SIGNIFICANT OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION

2020 ◽  
Vol 6 (1) ◽  
pp. 155-160
Author(s):  
Julia A. Isaeva ◽  
Anastasiya S. Goldobina ◽  
Dmitry M. Nikulin
Keyword(s):  
Information Security ◽  
Russian Federation ◽  
Assessment Process ◽  
Functional Requirements ◽  
Critical Information ◽  
Compliance Assessment ◽  
Information Infrastructures ◽  
Important Means ◽  
The Russian Federation ◽  
Assessment Of Compliance

The need to assess the compliance of information security means depends on the importance of the information, processed at the enterprise. The lack of specific requirements and criteria for conducting an assessment will cause the protection tools to function incorrectly this, in turn, will lead to unpredictable consequences, as well as to the disruption of the functioning of significant objects. Even with the changes made to the legislation of the Russian Federation, there is no specific algorithm for assessment the compliance of certain classes of security tools, such as DLP systems. This article describes the changes made to the legislation and how they will affect the compliance assessment process. The selected security profile, along with GOST 15408-2012, reveals such concepts as functional requirements of trust and security functions. Taking these regulations into account, it is possible to develop a method for conducting compliance assessment for DLP systems, which are an extremely important means of protecting against leaks of confidential information on significant objects of critical information infrastructures.

scholarly journals Provision of security of the Unified Federal Information Register Containing Data on the Population of the Russian Federation

2020 ◽  
pp. 10-18
Author(s):  
Artem Nikolaevich Gulemin
Keyword(s):  
Information System ◽  
Public Relations ◽  
Russian Federation ◽  
Personal Data ◽  
Information Infrastructure ◽  
Legal Regulation ◽  
Critical Information ◽  
The Russian Federation ◽  
The Government ◽  
Legal Security

The object of this research is the public relations with regards to processing of information in the Unified Federal Information Register Containing Data on the Population of the Russian Federation n. Besides the Federal Law “On the Unified Federal Information Register Containing Data on the Population of the Russian Federation”, the subject of this research is legislation in the area of personal data and legislation on the critical information infrastructure. Based on the main formal and substantive aspects, the author defines the indicated register as a variety of register-based information; substantiates the relevance of application of the principles of framework regulation of information law in the context of creating the register; raises the question on the need to recognize the information system that processes data contained in the register as a valuable object of critical information infrastructure. The novelty of this research consists in the fact that this article is one of the first works dedicated to provision of legal security of the Unified Federal Information Register Containing Data on the Population of the Russian Federation. The following conclusions and proposals on improvement of legislation are formulated: 1) The principles of legal regulation established by legislation with regards to information as the object of legal regulation should be applied to the created register; any unauthorized actions with a separate register entry should be viewed as violation of integrity of the entire object. 2) Due to critical importance of the data contained in the register, it is essential to set confidentiality restrictions, and recognize the federal nformation system that processes data contained in the register as a valuable object of critical information infrastructure. 3) In the text of the Law “On the Unified Federal Information Register Containing Data on the Population of the Russian Federation”, it is necessary to specify the responsibilities of operator of the federal information system who maintains the federal register and compliance with the requirements of legislation on the security of critical information infrastructure. It is also necessary to clarify the provisions of the Decree of the Government of the Russian Federation that establishes a list of criteria of importance of the objects of critical information infrastructure of the Russian Federation and their value.

scholarly journals CONFORMITY ASSESSMENT OF INFORMATION PROTECTION TOOLS IN CRITICAL INFORMATION INFRASTRUCTURES OF THE RUSSIAN FEDERATION

2019 ◽  
Vol 6 (1) ◽  
pp. 203-208
Author(s):  
Julia Isaeva ◽  
Valentin Selifanov
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Russian Federation ◽  
Conformity Assessment ◽  
Information Protection ◽  
Critical Information ◽  
Information Infrastructures ◽  
The Russian Federation

The need for conformity assessment of information security tools at significant objects of critical information infrastructures is demonstrated. In the absence of necessary criteria description for information systems, a possibility of threats implementation appears, which will lead to disruption of functioning of significant objects.

Sign in / Sign up

Export Citation Format

Share Document