Russia to update national IT security stategy

Russia will create a new national information security doctrine intended to more efficiently prevent information warfare, identity theft and cyberfraud. 

The Russian Security Council, a consultative body of the Russian president that helps formulate the president's policy on national security affairs, announced the plans overnight.

Dmitry Gribkov, an adviser to the head of the council, said there was an acute need for a revision of Russia's existing IT security strategy as a result of current tensions with western countries and the ongoing military conflict in Ukraine. 

"The current existing doctrine was approved about 15 years ago and needs to be revised," he said.

"The new version of the Russian IT security doctrine should be agreed with industry and reflect the interests of the state in the information environment.

"[It should] ensure respect for human and civil rights, the development of information and communication technologies, as well as improvement of the competitiveness of Russian products during the establishment of communication networks, as well as ensuring security of national information infrastructure."

The plans have already received support from the Russian parliament. Leonid Levin, chairman of the parliamentary committee on information policy, information technologies and communications said Russia needed proactive IT security legislation. 

He said the new infosec strategy should specify new norms and regulations, including compulsory authentication when connecting to open public networks, which has already been introduced in Russia.

Levin confirmed that, in addition to the new strategy, the country's parliament had already formulated and approved a package of federal laws aimed at strengthening national IT security.

One will require personal data on Russians be stored on servers located in Russia. All Russian internet companies need to transfer their data to Russian data centres by 2016.

The Russian parliament said the measures would help to protect users from the leakage of information or disconnection of any services.

The new law is due to come into force by September 1 this year and has already sparked criticism from many Russian IT companies and international IT providers operating in the country.

Sergey Plugotarenko, director of the Russian Association of Electronic Commerce (RAEC), a public association which unites Russia's leading electronic payment service providers, said localisation of data requires IT providers to build very expensive infrastructure, significantly increasing costs for both providers and consumers of services.

To date, the Russian Association of Retail Companies, the Russian Association of Internet commerce (Akita) and the Association of Computer and Information Technologies (RATEK) have all called on Russian president Vladimir Putin to block the new law.

The revised doctrine will also encourage the establishment of software production within Russia, and increase the powers of law enforcement agencies to block banned information spreading through anonymous networks.

This currently occurs in accordance with court decisions and as part of extrajudicial procedure.

Russia previously banned use of foreign software for many categories of government services, and the new changes will include the introduction of a 10 percent levy on software sales in Russia, the abolishment of VAT preferences for software developers, and the design of Russian analogues of imported software.

The latter proposal has sparked criticism from leading IT companies operating in Russia, including Microsoft, IBM and Google.

In a joint letter to Russia's prime minister Dmitry Medvedev, the companies said such measures would lead to "unnecessary budget expenditure, reduced investment attractiveness, increased prices in the Russian IT market, as well as a deterioration of the business environment for Russian IT companies".

The government believes adoption of the new strategy will also help to reduce the number of cyber crimes in Russia. Last year some 11,000 online crimes were committed in Russia, according to the Russian Interior Ministry, which forecasts the numbers to grow significantly this year.

"Of these crimes, about 41 percent are accounted for by fraud and theft," Alex Moshkov, head of the bureau of special technical projects of the Russian Interior Ministry said.

"Unfortunately, the ongoing development of technologies provides new opportunities to commit such crimes and sometimes to (undermine) the law-abiding internet-users and service providers".

This article originally appeared at scmagazineuk.com