Information technology and security: State policy of cyber-security developed in Russia

Security Council of Russia presented a paper, defining the policy in the field of protection of systems of the critically important infrastructure in Russia. It provides for creation by 2020 of a single state system of detection and prevention of computer attacks, while FSB will be charged with the main functions of policy implementation. 

According to the document compliers, objects, the breach or termination of the operation of which may cause the loss of the infrastructure, its destruction and negative changes of the economy of the country or the region, where the object is situated, are considered critically important.

The authors propose five major areas of solving the problem of security management systems of critical objects: in the field of normative-legal base, government regulation, industry and science and technology policy, technology and means of ensuring of information security, as well as advanced staff training.

Implementation of the policy is proposed in three phases: years 2012-2013, 2014-2016 and 2017-2020. The first phase involves the development plan for the implementation of key policies, developing the concept of forces and means to remove the effects of computer incidents in critical information infrastructure, preparation of proposals for changes to the approved state program, and the adjustment of the planned programs.

The second phase has a serious work in the field of normative-legal regulation concerning the regulation of various processes and division of responsibilities, developments in the field of information security, as well as commissioning of the first phase of the Situation Centre of the unified state system to detect and prevent cyber attacks on critical information infrastructure. The same stage is the creation of forces and means to remove the effects of computer incidents.

The third phase, among other things, involves the introduction of integrated security systems at the facilities put into operation of the first stage of storage of the reference software, commissioning a single state system to detect and prevent cyber attacks on critical infrastructure and the situation center.