Seryodkin S.P. Review of regulatory and legal acts to ensure the security of critical information infrastructure // Informacionnye tehnologii i matematicheskoe modelirovanie v upravlenii slozhnymi sistemami: ehlektronnyj nauchnyj zhurnal [Information technology and mathematical modeling in the management of complex systems: electronic scientific journal], 2022. No. 3(15). P. 47-57. DOI: 10.26731/2658-3704.2022.3(15).47-57 [Accessed 15/10/22]
10.26731/2658-3704.2022.3(15).47-57
To date, Russia has passed the stage of forming a unified state policy in the field of information protection, a regulatory framework has been created for building a security system for significant objects of critical information infrastructure (CII).
This article is devoted to the study of the regulatory framework in the issue of ensuring the safety of significant CII facilities. The chronology of the creation of the legislative framework for the protection of information is given, starting with the key information infrastructure systems (CIIS) and up to the present time, ensuring the security of significant CII facilities (about the CII).
The evolution of the legislative framework on the above issue reflects the dynamics of increasing requirements for the protection of information at CII facilities with the aim of countering the increasing number of threats to information security. The requirements of regulators are primarily aimed at creating an effective system for countering cyber attacks, increasing the responsibility of the subjects of the CII to society and the state in order to protect the vital interests of society from terrorist threats.
The topic of issues on the review of the regulatory framework in accordance with paragraph 1 "Security and countering terrorism" from the list of priority areas for the development of science, technology and technology in the Russian Federation and the list of critical technologies of the Russian Federation" (approved by Decree of the President of the Russian Federation dated July 7, 2011 No. 899) is presented. The current review of the legislation of the Russian Federation on the implementation of requirements for information protection and countering cyber-attacks against CII objects is shown. From the legislative point of view, modern approaches to the creation of a security system of significant objects as a mechanism for protecting vital interests of society from terrorist threats are analyzed. The important role of the regulatory and legal framework for ensuring the safety of CII facilities as the main priority areas of ensuring national security is emphasized.
1. Federal Law No. 187-FZ of June 26, 2017 "On the Security of the Critical Information Infrastructure of the Russian Federation".
2. "Criminal Code of the Russian Federation" dated 13.06.1996 No. 63-FZ.
3. "Code of the Russian Federation on Administrative Offenses" dated 30.12.2001 No. 195-FZ.
4. Federal Law No. 141-FZ of 26.05.2021 "On Amendments to the Code of Administrative Offences of the Russian Federation".
5. Federal Law "On Amendments to the Criminal Code of the Russian Federation and Article 151 of the Criminal Procedure Code of the Russian Federation in Connection with the Adoption of the Federal Law "On the Security of Critical Information Infrastructure of the Russian Federation" dated 26.07.2017 No. 194-FZ.
6. Decree of the President of the Russian Federation No. 400 dated July 2, 2021 "On the National Security Strategy of the Russian Federation".
7. Grachkov I.A., Malyuk A.A. Problems of trusted software development, applied at critical information infrastructure facilities (organizational and methodological aspects). Information Technology Security, [S.L.]. Vol. 26, No. 1. pp. 56-63, 2019. ISSN 2074-7136. DOI: http://dx.doi.org/10.26583/bit.2019.1.06
8. Grachkov I.A. Information security of automated control systems: possible attack vectors and methods of protection. Information Technology Security, [S.L.]. Vol. 25, No. 1. pp. 90-98, 2018. ISSN 2074-7136. DOI: http://dx.doi.org/10.26583/bit.2018.1.09
9. Tarasov, Anatoly M. Okinawa Charter and UN Congresses: Counteraction issues cybercrime. Information Technology Security, [S.L.]. Vol. 26, No. 4. pp. 120-131, 2019.ISSN 2074-7136. DOI: http://dx.doi.org/10.26583/bit.2019.4.09 .
10. Decree of the President of the Russian Federation No. 1085 dated 16.08.2004 "Issues of the Federal Service for Technical and Export Control".
11. "The main directions of the state policy in the field of ensuring the safety of automated control systems for production and technological processes of critical infrastructure facilities of the Russian Federation". Approved by the President of the Russian Federation Dmitry Medvedev on February 3, 2012, No. 803.
12. http://www.consultant.ru/law/hotdocs/54965.html/ © ConsultantPlus, 1992-2022
13. "Security and countering terrorism" from the list of priority areas for the development of science, technology and technology in the Russian Federation and the list of critical technologies of the Russian Federation" (approved by Presidential Decree No. 899 of July 7, 2011)
14. "The Doctrine of Information Security of the Russian Federation". Approved by Decree of the President of the Russian Federation No. 646 of December 5, 2016.
15. Decree of the President of the Russian Federation of 25.11.2017 N 569 "On Amendments to the Regulations on the Federal Service for Technical and Export Control, approved by Decree of the President of the Russian Federation of August 16, 2004 N 1085"