The Russian Cyber ​​doctrine: 646 decree of the 5 December 2016

(To Alessandro Rugolo)
30/04/18

The 5 December 2016, with the decree n. 646 signed by the President of the Russian Federation, the Cyber ​​doctrine of Russia is renewed.
Previously, in the 2011, Russia had adhered to the United Nations International Information Security Convention but did not have its own doctrine.

The reading of the document is quite simple, being a text of only 38 articles generally based on a single paragraph.
In the general part, particularly in the 1 article, the purpose of the document is explained: "to ensure the national security of the Russian Federation in the sphere of information"where, by the latter we mean a set of"information, information objectives, information systems and websites within the IT and telecommunications network called the Internet, communication networks, information technologies, entities involved in the creation and processing, development or use of information and information, information security bodies and mechanisms governing public relations in this area."

The 2 article continues by defining the concepts that will be used within the document, starting from the definition of national interests, the threat to national information security, the security of information, forces, means and systems used in information security, the system of information security, up to the information infrastructures of the Russian Federation.

The 3 article states that according to the analysis of the state of security and the main threats to information and taking into account the strategic priorities of the Federation, the doctrine defines the strategic objectives to be achieved.

The 4 article dictates the legal bases on which the doctrine is founded, namely the Russian Constitution, the norms of international law and international treaties, federal constitutional laws, federal laws as well as acts of the president and government.

Article 5 defines decree 646 as a strategic planning document based on the security strategy of the Russian Federation, issued with decree no.683 of 31 December 2015.

In the second part, in particular to the 8 article, national interests are defined in the sphere of information.

The first paragraph states that the Russian Federation must ensure and protect constitutional human and civil rights and freedom regarding the receipt and use of information; privacy, in the use of information technology, providing informative support to democratic institutions and mechanisms of interaction between the State and civil society; use information technology to preserve the values ​​of culture, history, spirituality and morality of the multiethnic population of the Russian Federation.

In the second paragraph we talk about the importance of keeping critical infrastructures and the integrated telecommunications network of the Russian Federation operational. The order then comes the need to support the development of information technology and information security. The article concludes with the indication that the Russian Federation wishes to collaborate in maintaining a secure international information environment, together with all international partners.

With the 11 and 12 articles we introduce one of the main problems, namely the fact that many foreign countries are developing their information technology and intelligence capabilities for military purposes, to be used to influence the world.

The 14 article instead introduces the concept of cybercrime.

The article 17 speaks instead of the dependence of the Russian Federation from foreign powers, in the field of information technology and the production of high-tech components.

Starting from the article 20, Chapter IV of the decree begins, listing and analyzing the strategic objectives and key areas related to the need to ensure IT security in the field of national defense.

The 21 article identifies five key areas:

  1. ensure strategic deterrence and prevent military conflicts that could be conducted through the use of information technology;
  2. improve the information security system of the armed forces of the Russian Federation;
  3. predicting, identifying and recording information threats, including threats to the Federation Armed Forces in the information sphere;
  4. to promote the interests of the allies of the Russian Federation in the information sphere;
  5. to counter information and psychological actions that undermine the historical foundations and patriotic traditions related to the defense of the homeland.

The 22 article continues by presenting the strategic objectives to ensure the security of information for the State and for public security, namely: the protection of sovereignty, the maintenance of social and political stability, the maintenance of the territorial integrity of the Federation, the support human and civil rights and freedoms, as well as the protection of critical infrastructures.

I do not review the remaining individual articles of Chapter IV as they are very easy to read. Only the mention of the 26 and 27 articles that specifically refer to the strategic objective of guaranteeing information security in the scientific, technological and educational fields, including supporting the rapid and innovative development of information system security, information and the electronics sector.

Among the goals to be achieved is the development of research and personnel skills in the field of information security and the use of information technology.
The timely examination of the document makes it clear how much the Russian Federation is interested in the subject.

Having detailed the objectives to be achieved by analyzing the individual areas of interest and the definition of the document as a "strategic planning" document and not a mere list of desired, together with the fact that the article 38 defines the need to monitor the results achieved annually makes it clear how the provisions in this area are to be pursued by decision.

It would be interesting to verify which and how many financial resources are allocated to the implementation of the strategic plan outlined but the document does not mention it.

To learn more:
- http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher...

(photo: web / Kremlin)