Russia updates its IT security strategy in reaction to current tensions

Russia says it is revising its policies to help prevent information warfare, identity-theft and cyber-fraud.

The Russian Security Council, a consultative body of the Russian President that helps formulate the President's policy on national security affairs, has announced plans for the creation of a new information security doctrine intended to more efficiently prevent information warfare, identity-theft and cyber-fraud. 

According to Dmitry Gribkov, an adviser to the head of the Council, there is an acute need for a revision of Russia's existing IT security strategy as a result of current tensions with western countries and the ongoing military conflict in Ukraine. 

Dmitry Gribkov commented to SCMagazineUK.com: "The current existing doctrine was approved about 15 years ago and needs to be revised. The new version of the Russian IT security doctrine should be agreed with industry and reflect the interests of the state in the information environment, and in particular, ensure respect for human and civil rights, the development of information and communication technologies, as well as improvement of the competitiveness of Russian products during the establishment of communication networks, as well as ensuring security of national information infrastructure."

These plans have already received support from the Russian Parliament (State Duma). Leonid Levin, chairman of the Duma Committee on Information Policy, Information Technologies and Communications, says Russia needs proactive IT security legislation. He adds that this new Russian IT security legislation should specify new norms and regulations, including compulsory authentication when connecting to open public networks, which has already been introduced in Russia.

Levin confirms that in addition to the new strategy, the State Duma has already formulated and approved a package of federal laws aimed at strengthening national IT security.

One is the law requiring personal data on Russians to be stored on servers located in Russia. All Russian Internet companies need to transfer their data to Russian data centres by 2016.

The Russian Parliament says these measures will help to protect users from the leakage of information or disconnection of any services. The new law is due to come into force by 1st September this year and has already sparked criticism from many Russian IT companies and international IT providers operating in the country.

Sergey Plugotarenko, director of the Russian Association of Electronic Commerce (RAEC), a public association that unites Russia's leading electronic payment service providers, says localisation of data requires IT providers to build a very expensive infrastructure, thereby significantly increasing costs for both providers and consumers of services.

To date, the Russian Association of Retail Companies, the Russian Association of Internet commerce (Akita) and the Association of Computer and Information Technologies (RATEK) have all called on Russia's President Vladimir Putin to block the new law.

It is planned that the revised doctrine will also encourage the establishment of software production within Russia and increase the powers of law enforcement agencies to block banned information spreading through anonymous networks. This currently occurs in accordance with court decisions and as part of extrajudicial procedure. Russia previously banned use of foreign software for many categories of government services and the new changes will include the introduction of a ten percent levy on software sales in Russia, the abolishment of VAT preferences for software developers and the design of Russian analogues of imported software.

Unsurprisingly, the latter proposal has sparked criticism from leading IT companies operating in Russia, including Microsoft, IBM and Google. In a joint letter to Russia's Prime-Minister Dmitry Medvedev, the companies said that such measures will lead to "unnecessary budget expenditure, reduced investment attractiveness, increased prices in the Russian IT-market, as well as a deterioration of the business environment for Russian IT-companies."

The government believes adoption of the new strategy will also help to reduce the number of cyber-crimes in Russia. Last year some 11,000 crimes were committed in Russia on the internet/in cyber-space or via information technology, according to the Russian Interior Ministry, which forecasts the numbers to grow significantly this year.

Alex Moshkov, head of the Bureau of Special Technical Projects of the Russian Interior Ministry, comments: "Of these crimes, about 41 percent are accounted for by fraud and theft. Unfortunately, the ongoing development of technologies provides new opportunities to commit such crimes and sometimes to (undermine) the law-abiding internet-users and service providers".