Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

National Security
Reference:

Certain Aspects of Legal Regulation of Information Security

Duben' Andrei Kirillovich

Scientific Associate, Institute of State and Law of the Russian Academy of Sciences; Assistant, Department of Civil and Administrative Proceedings, Russian State University of Justice

119019, Russia, Moscow region, Moscow, Znamenka str., 10

k.duben@mail.ru
Other publications by this author
 

 

DOI:

10.7256/2454-0668.2022.6.39440

EDN:

ZSPBCC

Received:

18-12-2022


Published:

30-12-2022


Abstract: The article is devoted to the analysis of the problems of legal support of information processes - the relationship of legal support of information security and issues of legal impact on the information system. The author's definition and the main provisions of the legal provision of information security are given. It is concluded that in the conditions of the Russian legal mechanism for ensuring information security, it is necessary to further improve the legal regulation of the protection of the information space of the state and its information infrastructure. Terminological uncertainty and inconsistency of the conceptual apparatus often become a problem of interpretation of the norms of law carried out at the stage of law enforcement activity. It is impossible to observe and apply legal norms without a clear textual expression. This problem is most aggravated when there is no legislative or scientific consensus on the meaning of concepts that are fundamental to a particular legal field. Such cases include the imperfection of the concept of "information security".


Keywords:

information law, information security, sub-branch of law, place of information security, national security, new challenges, threats and risks, digitalization, transformation of law, digital age

This article is automatically translated.

 

In modern conditions, the issue of forming a unified information and legal space in order to form a space of trust, information protection and information security becomes important. In this regard, the problem of legal provision of information security is becoming one of the most significant today. It is no coincidence that a lot of attention is being paid to information security issues today, since information security is one of the key priorities of national security. Thus, in accordance with the National Security Strategy of the Russian Federation, one of the key national interests is the development of a secure information space, thereby preventing future information risks and threats [1]. Thus, the Russian Federation defines information security as the priorities of planning in the field of national security.

Today, under the influence of certain objective conditions for the development of the system of legislation of the Russian Federation and the adoption of a number of normative legal acts of strategic planning, information security is considered as a sub-branch of information law. As T.A. Polyakova rightly notes, the position of the theory of law on the relationship between the branch of law and the branch of legislation, the definition of the subject and methods of legal regulation, as well as the analysis of legislation in the field under consideration allow us to state that legislation in the field of information security consists of a number of legal institutions characterized by internal isolation of legal norms within one or several branches of law and having a certain autonomy of functioning, based on the unity of legal principles [2, p. 136].

Information law as a legal branch has been formed as a system, including in its scientific and theoretical aspect, having its own special conceptual and categorical apparatus with an accurate definition of many legal terms, the question of the concept of information security is still relevant. The luminary of information law I.L. Bachilo noted that the conceptual apparatus determines the effectiveness and culture of legal science and legislation [3, p. 8].

Terminological uncertainty and inconsistency of the conceptual apparatus often become a problem of interpretation of the norms of law carried out at the stage of law enforcement activity. It is impossible to observe and apply legal norms without a clear textual expression. This problem is most aggravated when there is no legislative or scientific consensus on the meaning of concepts that are fundamental to a particular legal field. Such cases include the imperfection of the concept of "information security".

In our opinion, the most common problem regarding approaches to the definition of the concept of information security is that these approaches somehow "lock in" around the legal definition formulated by the legislator.

Information security is considered as a kind of national security, in connection with which its broad public and public-legal significance is emphasized. It should be noted that the current National Security Strategy of the Russian Federation differs in some political aspects that correspond to the current political conjuncture of relations between Russia and other countries. Thus, it is emphasized that the number of computer attacks on Russian information resources is increasing, most of which are carried out from the territories of foreign states.

Subsequently, the legal definitions of the concepts of "security" and "national security" became a model for the legislative consolidation of the definition of "information security" in the Information Security Doctrine of the Russian Federation, according to which information security is "a state of protection of the individual, society and the state from internal and external information threats, in which the implementation of constitutional human rights and freedoms and citizens, decent quality and standard of living of citizens, sovereignty, territorial integrity and sustainable socio-economic development of the Russian Federation, defense and security of the state".

It seems that part of the above definition can be more briefly and succinctly described as "constitutionally significant values", given their direct content in the Constitution of the Russian Federation and acts of the Constitutional Court of the Russian Federation mentioning these definitions in this capacity.  Thus, in one of its rulings, the Constitutional Court of the Russian Federation stated: "Given that the above legal regulation is aimed at protecting such constitutionally significant values as the sovereignty of Russia, the integrity and inviolability of its territory, ensuring the defense of the country and the security of the state ..." [4]. Decent quality and standard of living of citizens, in our opinion, is understood as nothing more than the policy of the Russian Federation as a social state aimed at creating conditions that ensure a decent life and free human development (Part 1 of Article 7 of the Constitution of the Russian Federation). The implementation of sustainable socio-economic development of the Russian Federation is consistent with Article 75.1 of the Constitution of the Russian Federation, according to which conditions are created in the Russian Federation for sustainable economic growth of the country and improving the welfare of citizens.

In the doctrine of information, there is a scientific discussion regarding the concept of "information security". According to the position of U.M. Sheremetyev, information security is "the protection of information and supporting infrastructure from accidental or intentional impacts of a natural or artificial nature that can cause unacceptable damage to subjects of information relations, including owners and users of information and supporting infrastructure" [5, p. 8].

I.M. Rassolova notes that the doctrinal significance of information security can be considered from several positions. As one of the options, it is proposed to consider information security as the activity of subjects to ensure the state of security of the object of protection [6, p. 325]. Other experts in the field of information security consider this term narrowly as a set of hardware and software tools to ensure the safety, availability and confidentiality of data in computer networks having "measures to protect information from unauthorized access, destruction, modification, disclosure and delays in access" [7, p. 50].

Ensuring information security, in essence, is a characteristic of the dynamics of public relations, measures taken by the information security forces to achieve the objectives established by the Information Security Doctrine of the Russian Federation. Despite the fact that most modern definitions of "information security" are focused on the legal definition in the Information Security Doctrine of the Russian Federation, nevertheless, it should be noted that for the most complete description of this definition, it is impossible not to take into account the provisions of the National Security Strategy of the Russian Federation, namely goals and objectives [8]. A positive step on the part of the legislator was that the National Security Strategy of the Russian Federation contains a separate section dedicated to information security, which separately states that the purpose of ensuring information security is to strengthen the sovereignty of the Russian Federation in the information space. These provisions are also reflected in the Strategy for the Development of the Information Society in the Russian Federation for 2017-2030 (hereinafter referred to as the Strategy for the Development of the Information Society) [9]. Considering that the Information Society Development Strategy sets the vector of development for the entire information security system, it is important to note that the provisions of this regulatory legal act address the problems of information security, at the same time, concepts such as: "digital economy", "information society" are specified and the model of its elements is determined. The priority directions defined by Article 46 of the Strategy for the Development of the Information Society indicate the need to improve legislation implementing the inclusion of new information relations in the mechanism of legal regulation. We believe that the legislator in this case speaks of a systemic, complex nature, eliminating the vastness of the basic concepts in the field of legal provision of information security.

It should be concluded that information security is a sub–branch of information law that has a complex character due to the specific needs of legal regulation of public relations related to information security. At the same time, in the conditions of the Russian legal mechanism for ensuring information security, it is necessary to further improve the legal regulation of the protection of the information space of the state and its information infrastructure as a whole.

References
1. Decree of the President of the Russian Federation No. 400 of July 2, 2021 "On the National Security Strategy of the Russian Federation" // SZ RF. 2021. N. 27 (part 2). p. 5351.
2. Polyakova T.A. Legal provision of information security in building an information society in Russia: dis. dr. yurid. nauk. M., 2008. 438 p.
3. Bachilo I.L. Conceptual apparatus of information law and information security system // Proceedings of the Institute of State and Law of the Russian Academy of Sciences. 2016. N. 3. pp. 8-17.
4. Resolution of the Constitutional Court of the Russian Federation dated 09.07.2012 N. 17-P "On the case of checking the constitutionality of an international treaty of the Russian Federation that has not entered into force-the Protocol on the Accession of the Russian Federation to the Marrakesh Agreement on the Establishment of the World Trade Organization" // Bulletin of the Constitutional Court of the Russian Federation. ¹ 5. 2012.
5. Information security: studies. manual / Yu. M. Sheremetyevo. Tomsk: Publishing House of TSPU, 2009. 141 p.
6. Information law: Textbook. / ed. by I.M. Rassolov. M.: Prospect. 2013. 350 p.
7. Ryzhenkova O.Yu. Information security definition of the concept, place in the national security system // Law and Law. 2009. N. 1. pp. 50-52.
8. Decree of the President of the Russian Federation No. 400 dated July 2, 2021 "On the National Security Strategy of the Russian Federation" // SZ RF. 2021. N. 27 (Part II). p. 5351.
9. Decree of the President of the Russian Federation No. 203 dated May 9, 2017 "On the strategy for the development of the Information Society in the Russian Federation for 2017-2030" // SZ RF. 2017. No. 20. p. 2901.

Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Certain aspects of legal regulation of information security". The subject of the study. The article proposed for review is devoted to certain aspects of "...legal regulation of information security". The author has chosen a special subject of research: the proposed issues are investigated from the point of view of information law, while the author notes that "... the problem of legal provision of information security is becoming one of the most significant today. It is no coincidence that great attention is being paid to information security issues today...". The NPA and judicial practice of Russia, the provisions of the National Security Strategy of the Russian Federation, the Doctrine of Information Security of the Russian Federation, Strategies for the development of the information Society relevant to the purpose of the study are studied. A certain not very large volume (3 titles) of scientific literature and educational literature on the stated issues are also studied and summarized, analysis and discussion with these opposing authors are present. However, there are other modern authors who also study this problem and write about it. But for some reason, not a word about them. At the same time, the author notes: "...The Russian Federation defines information security as a national security planning priority." Research methodology. The purpose of the study is determined by the title and content of the work: "Terminological uncertainty and inconsistency of the conceptual apparatus often become a problem of interpretation of the norms of law carried out at the stage of law enforcement activity. It is impossible to observe and apply legal norms without a clear textual expression." They can be designated as the consideration and resolution of certain problematic aspects related to the above-mentioned issues and the use of certain experience. Based on the set goals and objectives, the author has chosen a certain methodological basis for the study. The author uses a set of general scientific, special legal methods of cognition. In particular, the methods of analysis and synthesis made it possible to generalize some approaches to the proposed topic and partially influenced the author's conclusions. The most important role was played by special legal methods. In particular, the author used a formal legal method, which allowed for the analysis and interpretation of the norms of the current NPA and judicial practice of the Russian Federation. In particular, the following conclusions are drawn: "...information security is a sub–branch of information law that has a complex character due to the specific needs of legal regulation of public relations related to information security," etc. Thus, the methodology chosen by the author is sufficiently adequate to the purpose of the article and allows us to study certain aspects of the topic. The relevance of the stated issues is beyond doubt. This topic is one of the most important in the world and in Russia, from a legal point of view, the work proposed by the author can be considered relevant, namely, he notes "... the problem is most aggravated when there is no legislative or scientific consensus on the meaning of concepts that are fundamental to a particular legal field. The imperfection of the concept of "information security" also applies to such cases." And in fact, an analysis of the work of opponents and NPAs should follow here, and it follows and the author shows the ability to master the material. Thus, scientific research in the proposed field is only to be welcomed. Scientific novelty. The scientific novelty of the proposed article raises some doubts. It is expressed in separate scientific conclusions of the author. Among them, for example, is the following: "... part of the above definition can be more briefly and succinctly described as "constitutionally significant values", taking into account their direct content in the Constitution of the Russian Federation and acts of the Constitutional Court of the Russian Federation mentioning these definitions in this capacity." As can be seen, this conclusion can be used in further research. However, the author did not use it himself and defines information security in a different way. Thus, the materials of the article as presented may be of some interest to the scientific community. Style, structure, content. The subject of the article corresponds to the specialization of the journal "National Security", as it is devoted to certain aspects of "...legal regulation of information security". The article contains analytics on the scientific works of opponents in a limited number, so the author notes that a question close to this topic has already been raised and the author uses some of their materials, discusses with opponents. The content of the article corresponds to the title, since the author considered the stated problems and achieved the goal of his research. The quality of the presentation of the study and its results should be recognized as improved. The subject, objectives, methodology, research results, and scientific novelty directly follow from the text of the article. The design of the work meets the requirements for this kind of work. No significant violations of these requirements were found, except for repetitions and omissions "in the field of information security of information", "In the doctrine of information security". Bibliography. The quality of the scientific literature presented and used should not be appreciated very highly. However, the presence of additional modern scientific literature would show even greater validity of the author's conclusions. The works of the above authors correspond to the research topic, have some sign of sufficiency, and contribute to the disclosure of certain aspects of the topic. Appeal to opponents. The author has analyzed the current state of the problem under study in a very limited volume. The author describes some of the opponents' points of view on the problem, argues for a more correct position in his opinion, based on the work of individual opponents, and offers solutions to individual problems. Conclusions, the interest of the readership. The conclusions are logical and specific "At the same time, in the context of the Russian legal mechanism for ensuring information security, it is necessary to further improve the legal regulation of the protection of the information space of the state and its information infrastructure as a whole." The article in this form may be of interest to the readership in terms of the systematic positions of the author in relation to the issues stated in the article. Based on the above, summing up all the positive and negative sides of the article, I recommend "publishing" taking into account the comments.