Russian Federation Last Updated: May 2019

CYBERSECURITY POLICY

Strategy Documents

Strategy for the Development of the Information Society in the Russian Federation for 2017–2030
The President of the Russian Federation

Defines the goals, objectives and measures for implementation of the domestic and foreign policy of the Russian Federation in the field of
information and communication technologies, aimed at the development of the information society, the formation of the national digital economy,
ensuring national interests and implementation of strategic national priorities

Aims to help ensure the following national interests:

1. human development
2. ensuring the security of citizens and the state
3. increasing the role of Russia in the global humanitarian and cultural space
4. development of free, sustainable and secure interaction among citizens and organizations, Russia's state and local authorities
5. increasing the efficiency of public administration, economic and social development
6. formation of digital economy

Prioritizes areas that are deemed essential for the successful development of Russian information and communications technologies, including
new generation of electronic networks, effective procesing of Big Data, AI, electronic identification and authentication (with special emphasis on
banking), cloud and fog computing, Industrial Internet and Internet of Things (IoT), robotics and bio-technologies; and information security

Source Source 2
9 May 2017

Doctrine of Information Security

The President of the Russian Federation; Security Council of the Russian Federation

Identifies the following key areas of ensuring information security in the field of national defence:

1. Ensuring strategic deterrence and preventing military conflicts that may be brought about by the use of information technologies
2. Upgrading the information security system of the Armed Forces, other troops, military formations and bodies, including forces and means of
information confrontation
3. Forecasting, identifying and assessing information threats, including threats to the Armed Forces of the Russian Federation in information sphere
4. Promoting the interests of the Russian Federation's allies in information sphere
5. Countervailing information and psychological actions, including those aimed at undermining the historical foundations and patriotic traditions
related to defending the homeland

Source Source 2
5 December 2016

National Security Concept of the Russian Federation

The President of the Russian Federation; Security Council of the Russian Federation

The intensifying confrontation in the global information arena is exerting an increasing influence on the nature of the international situation
Main threats to Russia's security include activities connected with the use of information and communication technologies to disseminate and
promote the ideology of fascism, extremism, terrorism, and separatism, and to endanger the civil peace and political and social stability in society
The system for identifying and analyzing threats in the information sphere and countering them is being improved
Measures are being taken to increase the protection of citizens and society from the influence of destructive information from extremist and
terrorist organizations, foreign special services, and propaganda structures
Identifies raising of the level of technological security, including in the information sphere as one of the main areas for ensuring national security

Source Source 2
December 2015
 Russian Federation Last Updated: May 2019

Concept of the state system of detection, prevention and elimination of consequences of computer attacks on information resources
(extract)
Security Council of the Russian Federation

Defines the purpose, functions and principles of creation of the state system of detection, prevention and elimination of consequences of computer attacks
on information resources.

Source Source 2
12 December 2014

Fundamentals of the State Policy in the field of international information security

Security Council of the Russian Federation; Ministry of Foreign Affairs

Define the main threats in the field of the international information security, the purpose, tasks and priority directions of the State Policy in the
field of the international information security, as well as mechanisms of implementation until 2020;
Identifies the following threats in this field: information weapon for military and political purposes; terrorism; interference in internal affairs; and
crimes;
Identifies the main directions of the State Policy at the bilateral, multilateral, regional and global levels;
To be implemented by Federal Executive Bodies in accordance with their competence, coordinated by the Ministry of Foreign Affairs.

Source Source 2
24 July 2013

Main directions of the state policy in the field of automated control systems of production and technological processes of critical
infrastructure
Security Council of the Russian Federation

Aims to improve the safety of information and telecommunication systems and critical infrastructures and objects by reducing any risk of uncontrolled
interference in these systems' functioning to the minimum possible level.

Source Source 2
3 February 2012

Implementation Frameworks

State Programme "Information Society (2011-2020)"

Ministry of Digital Development, Communications and Mass Media; Ministry of Economic Development

Includes six sub-programmes, including security in the information society

Goals and objectives:

1. Improving the quality of life and the conditions for doing business
2. E-government and effective state governance
3. Development of the Russian market for information and communication technology, and measures to go over to a digital economy
4. Bridging the digital gap and building the basic infrastructure of the information society
5. Security in the information society; and
6. Development of digital content and preservation of Russia’s cultural heritage

Source
20 October 2010 (adopted); 15 April 2014 (updated); 29 March 2019 (updated and extended to 2024)

Federal Project "Information Security" (part of the National Programme "Digital Economy of the Russian Federation")
Government of the Russian Federation Council for Strategic Development and National Projects under the President of the Russian Federation

Programme "Digital Economy of the Russian Federation" adopted by the Government of the Russian Federation on 27 July 2017
Updated Passport of the National Programme adopted on 24 December 2018
The Passport of the National Programme provides comprehensive framework of the development of digital economy in the Russian Federation and
encompasses 6 Federal Projects, including the Federal Project "Information Security"
 Russian Federation Last Updated: May 2019

The Federal Project "Information Security"section in the National Programme Passport includes a set of goals and activities for the period from
November 2018 to December 2024, with the key goal of ensuring information security on the basis of national inventions for transfer, processing
and storage of data to guarantee protection of the interests of the individual, business and the State

Source Source 2
27 July 2017 (Programme adopted); 24 December 2018 (updated Passport of the National Programme adopted)

STRUCTURE

National Centre or Responsible Agency

Security Council
Secretary of which is responsible to present the findings of monitoring the implementation of the Doctrine of Information Security to the President.
Source

Key Positions

Secretary, Security Council

Source

Dedicated Agencies and Departments

Ministry of Telecom and Mass Communications of the Russian Federation

Ministry is responsible for developing and implementing national policy and legal regulation in following spheres:

Telecommunications, including the allocation and conversion of the radio frequency spectrum, and postal communications;
Information technology, including creation of government information resources and promotion of access to such resources;
Personal data processing and Internet governance.

Source

Roskomnadzor (The Federal Service for Supervision of Communications, Information Technology, and Mass Media)
Federal Executive Authority of the Russian Federation, performing the following functions: control and supervision of mass media (including electronic
mass media), mass communications, information technology, and telecommunications; supervision and statutory compliance control of personal data
processing; managing the Radio Frequency Service activitie
Source

National CERT or CSIRT

GOV-CERT.RU
Cyber Security and Incident Response Team for the governmental networks of the Russian Federation

Responsible for governmental networks;

Aims to provide coordination of state authorities, local authorities and law enforcement units on identifying, prevention and removing
consequences of computer incidents concerning state information-telecommunication networks

Source
2012
 Russian Federation Last Updated: May 2019

RU-CERT
Computer Security Incident Response Team

Provides computer incident prevention and response service for all users when the incident in question is related to resources located on the
territory of Russian Federation;
Provides assistance in contacting Russian incident response teams, abuse services, and law enforcement agencies.

Source
1998

The Financial Sector Computer Emergency Response Team (FinCERT)

Central Bank of the Russian Federation

Established as part of the Directorate General for Security and Information Protection of the Bank of Russia
Serves as a competence center for the exchange of information between the Bank of Russia, banks and non-bank financial institutions (NBFIs),
integrator companies, anti-virus software vendors and communications service providers and operators, and specifically for law enforcement and
other public authorities overseeing cyber security across the industry
The exchange of information is intended to coordinate the efforts to prevent and deter the activities of perpetrators threating he IT infrastructure
and services of the organizations supervised by the Bank of Russia
Key objectives:
organize and coordinate the exchange of information between the FinCERT, law enforcement authorities, banks and NBFIs
analyze data about cyber-attacks on banks and NBFIs and prepare analytics
issue information protection guidelines for the safe transfer of funds

Source Source 2
June 2015 (established)

LEGAL FRAMEWORK

Legislation

Federal Law N. 276-FZ on Amendments to the Federal Law on Information, Information Technologies and Information Protection (Federal
Law N. 149-FZ of 27 July 2006)
Regulates access to information resources and information and telecommunications networks restricted in Russia, as well as software and hardware for
such restricted access in the State's territory.
Source
29 July 2017

Federal Law N. 241-FZ on Amendments to the Federal Law on Information, Information Technologies and Information Protection (Federal
Law N. 149-FZ of 27 July 2006)
Regulates the use of instant messaging services.
Source
29 July 2017

Federal Law N. 187-FZ on the Security of Critical Information Infrastructure

Law on the security of critical information infrastructure for the purpose of their functioning when faced with computer attacks;
Describes the State system of detection, prevention and elimination of consequences of computer attacks on information resources (Article 5).

Source
26 July 2017

Federal Law N. 87-FZ on Amendments to the Federal Law on Information, Information Technologies and Information Protection (Federal
Law N. 149-FZ of 27 July 2006)
 Russian Federation Last Updated: May 2019

Establishes a federal executive authority responsible for controling and supervising the field of mass media, mass communications, information
technologies and communication.
Source
1 May 2017

Federal Law N. 149-FZ on Information, Information Technologies and Information Protection

Regulates the exercise of the right to seek, receive, transmit, produce and disseminate information, application of information technologies, and ensuring
the protection of information.
Source
27 July 2006

Criminal Code

Chapter 28. Crimes in the Sphere of Computer Information:

Article 272. Illegal Accessing of Computer Information

Article 273. Creation, Use, and Dissemination of Harmful Computer Viruses
Article 274. Violation of Rules for the Operation of Computers, Computer Systems, or Their Networks

Source

COOPERATION

UN Processes

Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source
2004, 2009, 2012/2013, 2014/2015, 2016/2017

Bilateral and Multilateral Cooperation

Cooperation, Thailand-Russia
Secretary of the Security Council
Established and stable channel of communication between the Russian Security Council and Thailand in order to respond in atimely manner to new
challenges and threats, including in the field of information security.
Source
28 February 2018

Consultations, Russia-India
Security Council
Second round of consultations pursuant to the Bilateral Agreement signed on 15 October 2016.
Source
15-16 February 2018

Cooperation, Russian Federation-Serbia

Ministry of Interior
Cooperation between Russian experts and Serbian police to combat cybercrime.
Source
 Russian Federation Last Updated: May 2019

5 September 2017

Cooperation agreement, Russia-South Africa

Sergey Lavrov, Foreign Minister
Intergovernmental cooperation agreement on maintaining international information security
Source
4 September 2017

Indonesia-Russia Cyber Bilateral Dialogue

Coordinating Ministry for Political, Legal and Security Affairs
Bilateral dialogue on cybersecurity.
Source
23 March 2017

German-Russian cyber-security consultations

Ambassador Andrei Krutskikh, Special Representative of the President of the RF for International Cooperation in Information Security
Discussion of national developments and structures, as well as current issues in international cyber security. The agenda also included work on norms for
responsible state behavior in cyberspace and on confidence-building measures
Source
9 February 2017

Bilateral agreement, India-Russia

Government of Russian Federation
Bilateral Agreement on Cooperation in ensuring security in the use of Information and communication technologies.
Source
15 October 2016

Russia-China Cooperation in Ensuring International Information Security (Sino-Russia Cybersecurity Agreement 2015)
Head of State
Cooperation in the field of international information security, including joint solution of tasks, and legal framework for dialogue
Source
8 May 2015

Select Activities

(draft) United Nations Convention on Cooperation in Combating Information Crimes

Draft convention aiming to:

Combat crimes and other unlawful acts in the field of ICT;

Prevent action directed against the confidentiality, integrity and availability of ICT as well as the misuse of ICT;
Improve the efficiency and develop international cooperation, including in the context of training and providing technical assistanc ein preventing
and combating ICT crimes.

Source Source 2
17 May 2017 (presented on)

(draft) Convention on International Information Security

Draft treaty for international information security.
Source
September 2011 (released on)
 Russian Federation Last Updated: May 2019

Membership

International Telecommunications
Union (ITU)

Organization for Security and Co-

operation in Europe (OSCE)

Shanghai Cooperation Organisation

(SCO)

United Nations (UN)