employee
The ensuring the security of critical information infrastructure is being considered, which, in the context of digital transformation and growing geopolitical tensions, is of strategic importance for the national security of the Russian Federation. A comprehensive analysis of the legal framework for the protection of critical information infrastructure is carried out. A multi-level regulatory system is considered, including constitutional norms, Decrees of the President of the Russian Federation, departmental acts of the Federal Service for Technical and Export Control, as well as international agreements within the framework of the Shanghai Cooperation Organization and the Collective Security Treaty Organization. Special attention is paid to the relationship between the concepts of «critically important object» and «critical information infrastructure object», the requirements for the protection of automated process control systems and government information systems are analyzed. Based on the analysis of the Recommendations of the CSTO Parliamentary Assembly, key problems of law enforcement practice related to terminological inconsistencies and differences in approaches to the classification of objects are identified, as well as promising areas for improving Russian legislation, including the unification of the conceptual framework and the development of mechanisms for international cooperation.
critical information infrastructure, national security, information security, legal regulation, FSTEC of Russia, Shanghai Cooperation Organization, Collective Security Treaty Organization, critically important facilities, harmonization of legislation, cybersecurity
1. Constitution of the Russian Federation (adopted by popular vote on December 12, 1993, with amendments approved during the all-Russian vote on July 1, 2020) // URL: http://www.kremlin.ru/acts/constitution
2. Decree of the President of the Russian Federation of March 6, 1997 № 188 «On approval of the list of confidential information» // URL: http://www.kremlin.ru/acts/bank/10638
3. Decree of the President of the Russian Federation of November 30, 1995 № 1203 «On approval of the list of information classified as state secrets» // URL: http://www.kremlin.ru/acts/bank/8549
4. Resolution of the Government of the Russian Federation of June 24, 2021 № 981 «On approval of the rules for the formation and approval of the list of critically important facilities» // URL: https://mchs.gov.ru/uploads/document/2023-02-13/e96c00b62e5c37d78dc96a1937d28350.pdf
5. Agreement between the governments of the SCO member states on cooperation in the field of international information security // URL: https://www.mid.ru/ru/foreign_policy/international_contracts/international_contracts/multilateral_contract/50243/
6. Resolution of the Parliamentary Assembly of the Collective Security Treaty Organization «On recommendations for the harmonization of the legislation of the CSTO member states in the field of ensuring the security of critical facilities» // URL: http://paodkb.coalla.ru/uploads/document/file/25/rekomendatsii-po-garmonizatsii-zak_va-gos._chlenov-odkb-v-sfere-obespech.-bezop.-kritich.-vazhn.-obektov.pdf
7. Order of the Federal Service for Technical and Export Control of March 14, 2014 № 31 «On approval of requirements for ensuring information security in automated control systems for production and technological processes at critical facilities, potentially hazardous facilities, as well as facilities posing an increased danger to human life and health and to the environment» // URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-14-marta-2014-g-n-31
8. Order of the Federal Service for Technical and Export Control of February 18, 2013 № 21 «On approval of the composition and content of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems» // URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-18-fevralya-2013-g-n-21
9. Order of the Federal Service for Technical and Export Control of February 11, 2013 № 17 «On approval of requirements for the protection of information that does not constitute a state secret, contained in state information systems» // URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-11-fevralya-2013-g-n-17
10. Order of the Federal Service for Technical and Export Control of December 25, 2017 № 239 «On approval of requirements for ensuring the security of significant objects of the critical information infrastructure of the Russian Federation» // URL: https://fstec.ru/dokumenty/vse-dokumenty/prikazy/prikaz-fstek-rossii-ot-25-dekabrya-2017-g-n-239
11. Order of the Federal Service for Technical and Export Control of December 21, 2017 № 235 «On approval of the Requirements for the creation of security systems for significant objects of the critical information infrastructure of the Russian Federation and ensuring their functioning» // URL: https://regulhub.kaspersky.ru/upload/iblock/5f1/6wm2xzphopuloibokl3jqtl1nd6su03r.pdf
