The new doctrine of information security implies that Russia will develop defensive and offensive cyber capabilities to prepare itself for long-term confrontation in a hostile environment.
The Russian government remains a key player not only in providing information security but also in developing information resources. Photo: RIA Novosti
On Dec. 5 Russian President Vladimir Putin approved a new Information Security Doctrine for the nation. It addresses new challenges to the country’s national security that have emerged only recently, primarily due to the increasing penetration of information technologies into nearly all areas of life.
As an economic asset, unlike other industrial or agricultural resources, information possesses very specific features, which make it commercially valuable. In general, information security is the process of preserving the integrity, credibility, accessibility, confidentiality and timeliness of information.
The fundamental question is to what extent the government should be involved in providing information security, given that the more it interferes, the more information is exposed, and the more economic value it loses. Here, it is important to understand key differences in the way Russia and the West understand information security.
Also read: "Information security is back on the global agenda"
Information security in the West
In recent decades, the information security policies of Western countries were focused on finding a perfect balance between government control and individual freedom of information.
While the balance has not yet been found, the experience of the Western world proves that excessive government control over information is harmful for economic growth.
Thus, from a Western perspective, a great deal of information security efforts should be the responsibility of individuals themselves. In general, information security policies in the West with regard to government control are becoming more constrained.
Information security in Russia
In Russia, information security problems are perceived in a different way.
First, Internet technologies have not penetrated Russian society to the same extent as in the West. Russian society is not very dependent on the Internet yet. However, Russia’s integration into the world economy and its participation in globalization process require further development of the Internet. Information security challenges have already been prioritized among other political questions.
The previous information security doctrine was adopted in 2000, and curiously enough, it did not even mention the Internet. The new strategy is more up-to-date; however, it develops many of the previous strategic provisions and maintains a similar approach to the problem.
The Russian government remains a key player not only in providing information security but also in developing information resources. It’s worth mentioning that the government values both technological and contextual aspects of information. While Western policies are mostly focused on providing technical security, Russian policymakers consider the contents of information more vital.
Key provisions of the new doctrine
The new Doctrine continues to address information security issues on three levels: individual, societal and governmental. However, if the 2000 Doctrine prioritized individual interests, the new vision is completely focused on national interests in the field of information.
The term “Internet,” as introduced in the new strategy, is positioned as a basis for information infrastructure in Russia. In general, the new Doctrine matches the new strategic position of the government. Despite the fact that the new concept is a renewal of the information policy after 16 long years, it mainly responds to the international tensions that emerged after the 2014 conflict in Ukraine.
The new posture continues the trend towards further fragmentation of the Russian segment of the Internet and enhancing national information sovereignty. During recent years, Russia’s government passed a number of laws that have significantly increased the level of state responsibility for information security.
For example, recent legislation requires all Internet service providers (ISPs) to store the data on drives physically located on the territory of Russia. This measure basically blocked access to many foreign Internet services. Another piece of legislation requires ISPs to gather the bulk of personal data, keep it for six months and share it with intelligence agencies without any special judiciary procedure.
Another important part of the new strategy is foreign relations. Russia considers providing a foreign audience with proper and authentic information about Russian foreign policy as one of its national interests. According to the document, one of the most serious threats to national security is “increased information influence on the population of Russia, mainly on the young generation, aimed at erosion of traditional Russian spiritual and moral values.” The importance of “proper” content is viewed as more important than technological security.
Also read Russia Direct Report: 'Digital sovereignty: The Kremlin's tangled web of Internet security'
Information security threats for business emerge from the low competitiveness of Russian companies. It’s evident that a high level of dependence on Western technologies is also a challenge for Russian information security. However, economic issues of information security are less important in the Doctrine compared to political and military ones.
The new Doctrine states that strategic deterrence and prevention of military conflicts are among the main venues of ensuring information security. On the one hand, this can mean the use of information as a deterrent for preventing conflicts in cyberspace. On the other, it can mean deterring conventional strategic threats using military cyber capabilities. Most of the studies conducted in Russia and abroad agree that deterrence policies are mostly incompatible with cyberspace.
The new document contains almost no provisions referring to international development and international peace. Most of the conclusions of the Doctrine devoted to international cooperation are aimed at preventing conflicts and defending from foreign interventions into the Russian information field.
The Doctrine basically declares suspension of Russia’s integration into the global Internet, along with the development of a national system of Internet management.
The organizational basis for providing information security is strictly hierarchical, and the government constitutes the core of this system, while Internet users are not mentioned as its participants. Instead, the consolidation of management and centralization of information resources are declared as major priorities for information security.
The new doctrine of information security implies that Russia develops defensive and offensive cyber capabilities to prepare itself for long-term confrontation in a hostile environment.
The opinion of the author may not necessarily reflect the position of Russia Direct or its staff.