Eng During last 365 days Approved articles: 1989,   Articles in work: 305 Declined articles: 758 
Library
Articles and journals | Tariffs | Payments | Your profile

Back to contents

Institutional Mechanisms of Ensuring the Critical Information Infrastructure Safety in the Russian Federation and Singapore: Comparative Law Analysis
Gorian Ella

PhD in Law

Docent, Vladivostok State University of Economics and Service

690014, Russia, Primorskii krai, g. Vladivostok, ul. Gogolya, 41, kab. 5502

ella-gorjan@yandex.ru

 

 

Abstract.

The object of the research is the relations arising in the process of using the national legal mechanism of cybersafety. The subject of the research is the particular legal acts that are issued in the sphere of regulation of critical information infrastructure safety in the Russian Federation and Singapore as well as international standards therein. The author of the article examines institutional mechanisms of ensuring the safety of the critical information infrastructure and analyzes law-making and law-enforcement processes in the sphere of information security. Goryan outlines drawbacks and benefits of the aforesaid national mechanisms and offers suggestions on how to improve the Russian mechanism. In order to obtain valid research results, the author has applied a number of general research methods (structured system analysis, formal law and hermeneutical methods) and special research methods (comparative law and formal law analysis). From the point of view of international standards, the Russian Federation and Singapore demonstrate a relatively high level of critical information infrastructure safety. The drawback of the Russian law is the fact that there is no legal regulation of the process of information network identification as objects and organisations of critical information infrastructure. The peculiar feathre of the Russian mechanism is the multiple number of actors that ensure the critical information infrastructure safety unlike the Singapore mechanism that has only one department. However, the Russian mechanism has such advantanges as the involvement of the service that has special forces and competences as well as procedural means to make a fast reponse to cyber attacks. As a result, the author concludes that there is a need to study and perhaps legally enforce such instruments of critical information infrastructure safety as training and audit of critical information infrastructure actors as it is done in Singapore. 

Keywords: Federal Security Service, institutional mechanism, legal mechanism, critical information infrastructure, cybersecurity, FSS, CII identification, FSTEC, Cyber Security Agency of Singapore, Singapore

DOI:

10.7256/2454-0595.2018.9.27762

Article was received:

23-10-2018


Review date:

24-10-2018


Publish date:

01-11-2018


This article written in Russian. You can find full text of article in Russian here .

References
1.
O bezopasnosti kriticheskoi informatsionnoi infrastruktury Rossiiskoi Federatsii : federal'nyi zakon ot 26.07.2017 187-FZ [Elektronnyi resurs] // SPS Konsul'tantPlyus. Rezhim dostupa: www.consultant.ru/document/cons_doc_LAW_220885/.
2.
Cybersecurity Act 2018 [Elektronnyi resurs] // Cyber Security Agency of Singapore. Rezhim dostupa: https://www.csa.gov.sg/legislation/cybersecurity-act.
3.
Matania E. Structuring the national cyber defence: in evolution towards a Central Cyber Authority / E. Matania, L. Yoffe, T. Goldstein // Journal of Cyber Policy. 2017. 2(1). Pp. 16-25.
4.
Mattioli R. Methodologies for the identification of Critical Information Infrastructure assets and services: Guidelines for charting electronic data communication networks / R. Mattioli, C. Levy-Bencheton. Heraklion: European Union Agency for Network and Information Security (ENISA), 2014. 43 p.
5.
Kozlov A.G. O sisteme zashchity informatsii / A.G. Kozlov // Zashchita informatsii. Insaid. 2010.6(36). S. 32-35.
6.
Potapova D.A. Otsenka ushcherba ot komp'yuternykh intsidentov dlya kriticheskoi informatsionnoi infrastruktury / D.A. Potapova, S.I. Zhuravlev // Materialy 45-i Mezhdunarodnoi nauchno-tekhnicheskoi konferentsii molodykh uchenykh, aspirantov i studentov. V 2-kh t. 2018. S. 447-454.
7.
Budovskikh I.A. Otsenka primenimosti dlya audita bezopasnosti gosudarstvennykh is metodiki opredeleniya ugroz bezopasnosti informatsii, razrabotannoi FSTEK Rossii / I.A. Budovskikh, Yu.N. Zaginailov // Izmerenie, kontrol', informatizatsiya: Materialy XVII mezhdunarodnoi nauchno-tekhnicheskoi konferentsii. 2016. S. 240-243.
8.
Gismatov A.R. Osobennosti spetsifiki primeneniya dokumentov FSTEK Rossii v oblasti zashchity gosudarstvennykh informatsionnykh sistem / A.R. Gismatov, F.T. Bairushin // Aktual'nye problemy sotsial'nogo, ekonomicheskogo i informatsionnogo razvitiya sovremennogo obshchestva : Vserossiiskaya nauchno-prakticheskaya konferentsiya, posvyashchennaya 100-letiyu so dnya rozhdeniya pervogo rektora Bashkirskogo gosudarstvennogo universiteta Chanbarisova Shaikhully Khabibullovicha. Bashkirskii gosudarstvennyi universitet. 2016. S. 53-55.
9.
Splyukhin D.V. Analiz noveishikh trebovanii FSTEK i obshchie resheniya sushchestvuyushchikh problem zashchity informatsionnykh sistem / D.V. Splyukhin, D.B. Nikolaev // Matematika i matematicheskoe modelirovanie : sbornik materialov X vserossiiskoi molodezhnoi nauchno-innovatsionnoi shkoly. 2016. S. 28-29.
10.
Portnova A.S. Analiz sovremennykh normativno-metodicheskikh dokumentov FSTEK Rossii v oblasti sistem obnaruzheniya vtorzhenii / A.S. Portnova // Bezopasnye informatsionnye tekhnologii: Sbornik trudov Vos'moi vserossiiskoi nauchno-tekhnicheskoi konferentsii. NUK Informatika i sistemy upravleniya / Pod. red. M.A.Basaraba. 2017. S. 340-346.
11.
Trufanov V.N. Podkhod k sozdaniyu tsentrov obrabotki personal'nykh dannykh v organizatsiyakh, obespechivayushchikh zashchitu gosudarstvennykh informatsionnykh resursov / V.N. Trufanov, D.A. Shchevelev, I.V. Demidov, S.V. Sovalin // Informatizatsiya i svyaz'. 2018.1. S. 56-62.
12.
Ageev V.O. Obespechenie zashchity GIS v zarubezhnykh i otechestvennykh sistemakh / V.O. Ageev, A.K. Shilov // Informatsionnoe protivodeistvie ugrozam terrorizma. 2015.24. S. 312-315.
13.
Goryan E.V. Vedushchaya rol' Singapura v obespechenii kiberbezopasnosti v ASEAN: promezhutochnye rezul'taty i perspektivy dal'neishego rasshireniya / E.V. Goryan // Territoriya novykh vozmozhnostei. Vestnik Vladivostokskogo gosudarstvennogo universiteta ekonomiki i servisa. 2018. T. 10. 3. S. 101-116.
14.
Farrand B. Blurring Public and Private: Cybersecurity in the Age of Regulatory Capitalism / B. Farrand, H. Carrapico // Security Privatization: How Non-Security-Related Private Businesses Shape Security Governance. Basel: Springer International Publishing AG, 2018. - Pp.197-217.
15.
Council Directive 2008/114/EC of 8 December 2008 on the identification and designation of European Critical Infrastructures and the assessment of the need to improve their protection. Official Journal L, 345(23), 12.
16.
Green Paper on a European Programme for Critical Infrastructure Protection. COM 576 final (2005).
17.
Ob utverzhdenii Pravil kategorirovaniya ob''ektov kriticheskoi informatsionnoi infrastruktury Rossiiskoi Federatsii, a takzhe perechnya pokazatelei kriteriev znachimosti ob''ektov kriticheskoi informatsionnoi infrastruktury Rossiiskoi Federatsii i ikh znachenii : postanovlenie Pravitel'stva RF ot 8 fevralya 2018 g. 127 [Elektronnyi resurs] // SPS Konsul'tantPlyus. Rezhim dostupa: www.consultant.ru/document/cons_doc_LAW_290595/.
18.
Lutsik P. Sub''ekt KII ili ne sub''ekt, vot v chem vopros! [Elektronnyi resurs] / P. Lutsik // Tsifrovaya podstantsiya. Rezhim dostupa: http://digitalsubstation.com/blog/2018/05/21/subekt-kii-ili-ne-subekt-vot-v-chem-vopros/
19.
Singapores Cybersecurity Strategy 2016 [Elektronnyi resurs] // Cyber Security Agency of Singapore. Rezhim dostupa: https://www.csa.gov.sg/news/publications/singapore-cybersecurity-strategy.
20.
Voprosy Federal'noi sluzhby po tekhnicheskomu i eksportnomu kontrolyu : Ukaz Prezidenta RF ot 16.08.2004 1085 (red. ot 08.05.2018) [Elektronnyi resurs] // SPS Konsul'tantPlyus. Rezhim dostupa: www.consultant.ru/document/cons_doc_LAW_14031/.
21.
O sovershenstvovanii gosudarstvennoi sistemy obnaruzheniya, preduprezhdeniya i likvidatsii posledstvii komp'yuternykh atak na informatsionnye resursy Rossiiskoi Federatsii: Ukaz Prezidenta Rossiiskoi Federatsii ot 22 dekabrya 2017 goda 620 [Elektronnyi resurs] // SPS Konsul'tantPlyus. Rezhim dostupa: http://www.consultant.ru/document/cons_doc_LAW_285915/.
22.
O Natsional'nom koordinatsionnom tsentre po komp'yuternym intsidentam (vmeste s Polozheniem o Natsional'nom koordinatsionnom tsentre po komp'yuternym intsidentam): prikaz FSB Rossii ot 24 iyulya 2018 goda 366 [Elektronnyi resurs] // SPS Konsul'tantPlyus. Rezhim dostupa: http://www.consultant.ru/document/cons_doc_LAW_306334/.