Duma passes bill on protection of Russian state data networks

Duma passes bill on protection of Russian state data networks
Russia’s lower house has approved a bill that defines which of the country’s informational infrastructure is to be considered critical, while setting a maximum sentence of 10 years imprisonment for hackers that attack it.

In the final draft of the bill published on the State Duma’s website, critical informational infrastructure is defined as data systems and telecommunication networks belonging to Russian state bodies and agencies, as well as automated control systems used in the defense industry, healthcare, communications sector, transport, banking and finance, energy industry, and several more industry sectors, like the nuclear, space, and fuel. The list also includes organizations engaged in science and research. 

The head of the lower house’s Committee for Informational Technology and Communications, MP Leonid Levin, said the draft also orders the creation of a National Coordination Center for Computer Incidents – an “organization created by a federal body of executive power and charged with the task of creating and running a state system for detecting and preventing hacker attacks and repairing the damage inflicted by such attacks on the data resources of the Russian Federation.”

The bill also gives a yet to be identified authority the responsibility of drawing up the full list of objects to be considered critical informational infrastructure. These can be owned by Russian companies, private persons, or foreign citizens or companies, but their interests must be officially represented by Russian legal entities.

The same bill also stipulates that exerting “unlawful influence” on the critical informational infrastructure of the Russian Federation is to be punished by up to 10 years in prison, along with an official ban on assuming certain posts.

The bill now needs to be approved by the upper house and signed by the president to become law. If everything goes smoothly, it is expected to come into force on January 1, 2018.

In late 2016, Russia updated its doctrine on information security to emphasize the increase in attacks against its infrastructure by foreign hackers, as well as attempts by foreign governments to influence Russia’s internal affairs. The doctrine also mentioned the negative impact the rapid surge in data flow has had on international security, as it can be employed by organized crime, extremists and terrorists.

The document said that, in order to counter these threats and challenges, Russia must build strategic deterrents and make an effort to prevent conflicts that stem from the use of data technologies, as well as neutralize foreign propaganda targeting Russia’s historical and patriotic values. The doctrine also said critical information infrastructure should be strengthened as means of protecting against cyberattacks.