Translate this page:
Please select your language to translate the article


You can just close the window to don't translate
Library
Your profile

Back to contents

Security Issues
Reference:

Priority tasks of ensuring information security in the context of modern challenges and threats

Duben' Andrei Kirillovich

Scientific Associate, Institute of State and Law of the Russian Academy of Sciences; Assistant, Department of Civil and Administrative Proceedings, Russian State University of Justice

119019, Russia, Moscow region, Moscow, Znamenka str., 10

k.duben@mail.ru
Other publications by this author
 

 

DOI:

10.25136/2409-7543.2023.2.43435

EDN:

JWOTFN

Received:

25-06-2023


Published:

03-07-2023


Abstract: The article discusses the issues of ensuring information, digital, and cybersecurity, which is an urgent, strategic task at both the national and international levels. It is established that in the current conditions of the global crisis and geopolitical changes, new approaches to the legal regulation of information security are needed. An urgent problem has been identified not only at the national, but also at the international level. In this regard, it requires the identification of new external and internal threats in the information sphere, as well as the study and forecasting of prospects for the development of international regulation of information security. The conducted research allowed us to conclude that in the conditions of digital transformation, it is necessary to work out and strengthen scientific and legal positions regarding the development of legal support for information security. In the course of the research, the author concluded that at the present stage of development of society and the state, among the most urgent threats to national information security due to the dynamism of the information sphere, it is possible to single out such threats as illegal impact on national information resources, information and telecommunication systems and information infrastructure, including critical information structures; the use of means and methods of spreading false (fake) information for the purpose of disinformation of an indefinite circle of people using illegal methods and means, including cognitive methods of influencing the human psyche in order to disorganize and suppress the will; unauthorized interference in the national information space.


Keywords:

security, information security, sub-branch of law, new challenges, transformation of law, digitalization, national security, legal regulation, legal support, the digital age

This article is automatically translated.

Information, which is one of the main economic and political resources, expands the range of different ways of using it for educational, social, economic and cultural purposes, ensuring law and order, and for other socially significant purposes.

The subject of the study forms a set of norms of normative legal acts of the Russian Federation regulating public relations in the field of information security, as well as the provisions of theoretical interdisciplinary research in this area. The problems of legal provision of information security of the Russian Federation in the context of new challenges and threats are most deeply developed in the scientific works of L.K. Tereshchenko, E.S. Zinovieva, I.M. Popov, M.M. Khamzatov, S.M. Boyko and other leading scientists in this field. The analysis shows that Russian science has accumulated a substantial body of knowledge on certain aspects of information security. The methodological basis of the research is an interdisciplinary approach to the study of the problem, using the provisions of philosophy, jurisprudence, sociology, political science, military science and other branches of scientific knowledge. General scientific methods (abstraction, analysis, synthesis, analogy, induction, deduction, modeling) were used in the process of studying the problems of legal provision of information security.

Modern digital technologies, combining convergence, end-to-end and breakthrough nature for the development of society and the state, not only create limitless opportunities, but also form new challenges and security threats in the process of their implementation and use. At the same time, national security is currently characterized as a complex system determined by the action of various factors and threats [1, p. 102]. The conditions of digital transformation as a result of the rapid development of digital technologies, which initially assumed a positive impact on all spheres of life with adequate use of the achievements of scientific and technological progress, at the same time can become not only an effective tool for the creative transformation of public relations, but also carry certain risks. So, in recent years, a significant increase in the number of crimes committed using computer technology has been recorded.

Examining the statistical data, it should be noted that the damage to Russia from cyber threats in 2018 amounted to more than 1 trillion rubles, in 2019 – 2.5 trillion rubles. [2] At the same time, in 2020, the damage amounted to 3.5 trillion rubles, and in 2021, according to preliminary data, it is 7 trillion rubles. [3]. Statistics show that the number of cyberattacks is increasing every year and their result is more and more significant damage to the domestic information infrastructure. Thus, experts note that the number of information attacks increases by 6.5% every year compared to the previous one [4].

In turn, we can state that the public authorities of the Russian Federation are adapting to the new working conditions in the ICT environment, taking into account the new big challenges, threats and risks. The strengthening of illegal influence on information resources in the public administration system required the adoption of additional measures to ensure information security [5].

The importance of this issue was also noted by Russian Foreign Minister Sergey Lavrov, who emphasized that the emergence of new information technologies entails a change in the usual paradigms, defines new rules for the use of information systems, while giving another impetus to the transition to the digital sphere of public bodies and non-governmental organizations. In his opinion, modern challenges, threats and risks are the result of aggressive and long-term policies of individual countries of the European Union and the United States, which seek to form and consolidate their dominance in all technological processes of the information space. He also stressed the importance of measures to counteract technotronic crime: "Almost every day, Russian state institutions, mass media, critical infrastructure facilities, and the life support system are subjected to powerful cyber attacks using advanced information technologies. All this is part of a coordinated information aggression against our country. Special attention is required to the tasks of protecting the relevant resources of executive authorities, including the Ministry of Foreign Affairs. It is necessary to constantly improve the measures taken for this purpose, to establish daily monitoring of the implementation of the relevant instructions of the Government" [6].

We believe that in the conditions of geopolitical instability and transformation of the world order, modern cyberattacks with non-standard methods, methods and means of committing them require prompt work at the legislative level to prevent and prevent destructive effects on domestic information resources and information infrastructure of the public and private sector.

Today, the state of information security is of some concern due to systematic attacks carried out in order to destabilize traditional public relations in certain regions of the world, as well as the dissemination of false information to promote their own national interests for military-political and other hostile purposes [7, p. 42]. There is an intensification of the processes of spreading false information by "unfriendly" states, information confrontation between the leading powers of the world, including for military and political purposes. These illegal actions are aimed at destabilizing the activities of public authorities and interfering in the internal affairs of the State through the use of information technology.

The conducted research shows that the methods of conducting hostile actions at the present stage of the development of digital technologies are also in the process of permanent development. The number of cases of hybrid warfare is also increasing. Hybrid conflicts are conducted by "irregular forces mixed with regular troops, and are characterized by the simultaneous use of irregular and regular strategies and tactics of action" [8, p. 344]. With this type of conflict, the possibility of using information weapons increases even more, transforming the field of hostile actions and integrating their use in information, economic, political and other spheres. Thus, the Permanent Representative of China to the UN noted that acts of arbitrary blocking and freezing of foreign currency reserves also lead to a violation of the sovereignty of states [9].

It should be noted that the formation of an information security system taking into account the national interests of Russia, the prevention (settlement) of interstate conflicts in the global information space are possible only on the basis of an appropriate international legal regime, the promotion of which is determined by the main goal of state policy in the field of international information security [10, p. 53]. The rules of conduct of States in the information space and in conditions of armed conflict should become an integral part of this regime. In addition, an important threat in the information sphere affecting national security is the impact on critical infrastructure. These threats arise as a result of disruption of the functioning of information systems [11, p. 72].

These conditions inevitably entail measures to strengthen Russia's position in a competitive information struggle with both existing and new centers of power, as well as to further improve the international legal regulation of certain provisions of the development of means and methods of information protection based on the use of advanced digital technologies.

In this study, it is possible to identify modern challenges and threats to national information security, which are divided into internal and external.

In our opinion, internal threats in the information sphere should include:

1) systematic violation of the rules for the use of restricted access information;

2) the absence or inadequate level of qualification of personnel in the use of information and computer devices and other products necessary to ensure information security;

3) the use of foreign technologies and technical means in information processes;

4) violation of legal norms on copyright protection in the creation and implementation of secret inventions created, including by state order;

5) conflicts and legal gaps in domestic legislation in the regulation of relations in the field of information security;

6) and others.

External threats in the information sphere include:

1) active intelligence and counter-offensive activities of foreign intelligence agencies;

2) continuous information acts of aggression through cyber attacks on information infrastructure facilities;

3) the use of methods and means of information warfare through the use of cognitive weapons by foreign states against the national interests of the Russian Federation;

4) the use of special techniques in the information space that affect the interests of interstate cooperation in the field of information security;

5) the use of methods of filtering digital content on the Internet in order to limit the dissemination of reliable information about the policy of the Russian Federation and the initiatives promoted by it;

6) and others.

Taking into account the above list of modern information threats, we consider it necessary, along with the use of a set of legal means, to take organizational measures in the field of information security:

1) formation of favorable conditions for the improvement of human resources and the formation of a reserve of specialists in the field of information technology and information security;

2) creation of a domestic software product for information protection and identification of threats in the information system;

3) increasing the digital and information and legal culture of information security of citizens to form resistance to the information and psychological impact of foreign intelligence services and the influence of destructive ideology;

4) improvement of the regulatory framework for the protection of intellectual property and the Russian information infrastructure;

5) creation of effective measures to protect information through the development of technical regulation, including licensing, standardization, certification and certification in this area;

6) development of interstate cooperation with partner states in the field of information security through integration interaction, the formation of common international norms in the field of legal information security.

We believe that the formation and development of a national state policy aimed at ensuring information security will contribute to further improving the protection of information technologies and systems, preventing data vulnerability and reducing the occurrence of information threats. It seems that these measures will ensure the protection of Russia's information sovereignty, the protection of subjects and objects of high information technologies and innovative infrastructure.

Thus, based on the conducted research, it can be concluded that a combination of various risks, challenges and threats in the information space has intensified in the context of geopolitical changes and further digitalization of all spheres. At the present stage of development of society and the state, among the most urgent threats to national information security due to the dynamism of the information sphere, such threats can be identified as illegal impact on national information resources, information and telecommunication systems and information infrastructure, including critical information structures; the use of means and methods of spreading false (fake) information for the purpose of disinformation of an indefinite circle people using illegal methods and means, including cognitive methods of influencing the human psyche in order to disorganize and suppress the will; unauthorized interference in the national information space. Thus, the transformation of the information space in the context of geopolitical changes and the aggravation of socio-economic and international contradictions have determined a new vector of development of legal regulation of information security.

References
1. Tereshchenko, L.K., & Tiunov, O.I. (2015). Information security of executive authorities at the present stage. Journal of Russian Law, 8, 100-109.
2. Sberbank predicts damage to the Russian economy from cyber threats in 2018 at 1.1 trillion rubles. Kommersant newspaper. Retrieved from: https://www.kommersant.ru/doc/3676752
3. Sberbank has calculated the losses of the Russian economy in 2021 from cybercrime. Online publication "TASS". Retrieved from: https://tass.ru/ekonomika/8761953
4. Current cyber threats: results of 2021. Positive technologies. Retrieved from: https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2021/
5. Decree of the President of the Russian Federation No. 250 dated May 1, 2022 "On additional measures to ensure information security of the Russian Federation". SZ RF. 2022. St. 3058.
6. Speech by the Minister of Foreign Affairs of the Russian Federation Sergey Lavrov at the plenary session "International relations in the conditions of digitalization of public life" of the International scientific and practical conference "Digital International Relations 2022", Moscow, April 14, 2022. Official website of the Ministry of Foreign Affairs of the Russian Federation. Retrieved from: https://www.mid.ru/ru/press_service/video/view/1809294/#sel=29:1:BXe ,29:101:cfj
7. Duben, A.K. (2021). Information security as an integral part of the national security of the Russian Federation. The Scientific Heritage, 74-4(74), 41-45.
8. Popov, I.M., & Khamzatov, M.M. (2016). The War of the Future: Conceptual foundations and practical conclusions. Essays of strategic thought. Moscow.
9. In China, they demanded to abandon the freezing of reserves of other countries. OSN. Public news service. Retrieved from: https://www.osnmedia.ru/world/v-knr-potrebovali-otkazatsya-ot-zamorozki-rezervov-drugih-stran/?utm_source=yxnews&utm_medium=desktop
10. Boyko, S.M. (2021). New strategic guidelines of Russia in the field of international information security. International life, 6, 52-61.
11. Zinovieva, E.S. (2013). International information security. Moscow.

First Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

The subject of the research in the article submitted for review is, as its name implies, the issues of information security. The author intended to focus on setting appropriate tasks and determining ways to solve them. In fact, this has not been done, which will be discussed in more detail later. The methodology of the research is not disclosed in the text of the article, but it is obvious that the scientists used universal dialectical, logical, statistical, formal and legal research methods. The relevance of the research topic chosen by the author is justified as follows: "Today, more and more researchers agree that information security issues are just as important as nuclear issues, which makes them a key factor in strategic stability [1, p. 284]. The information sphere, while remaining uncontrolled, inevitably contributes to the destabilization of society and manipulation of public consciousness. Taking into account the presence of the information space in a continuous state of uncertainty and danger, the informational nature of any risks, an appropriate state mechanism is needed to ensure information security, which will ensure constant and uninterrupted counteraction to information threats in modern conditions of socio-economic and geopolitical risks. In addition, it is important to build an appropriate information security architecture, without which it is impossible to maintain the state of information security, including a set of organizational and legal support measures." Additionally, the scientist needs to list the names of the leading experts who have been engaged in the study of the problems raised in the article, as well as reveal the degree of their study. It is not explicitly stated what the scientific novelty of the work is. In fact, it is missing. The author does not offer original definitions of controversial concepts, does not give specific recommendations on improving Russian legislation in the field of information security, etc. The article is descriptive, superficial in nature, representing a compilation of a number of sources used in its writing. As presented, it does not contribute to the development of domestic legal science. The scientific style of the research is fully sustained by the author. The structure of the article is quite logical. In the introductory part of the article, the scientist substantiates the relevance of the chosen research topic. The main part of the work, with relevant examples, describes the main problems in the field of information security, outlines some ways to solve them. The final part of the article contains conclusions based on the results of the study. The content of the work does not fully correspond to its title. It is also not without some other disadvantages. Thus, the author writes: "Information, becoming one of the most important economic and political resources, expands the range of ways for various ways of using it for educational, social, economic and cultural purposes, for the purpose of protecting the health of citizens, ensuring law and order, and for other socially significant purposes, while opening up a wide range of opportunities for its use as a weapon that destroys the stability of public relations and negatively affects the quality of human life," i.e. "Information ... expands the range of ways for different ways..." - the sentence contains a tautology. The scientist notes: "At the same time, the number of cyber attacks increases every year and acquires more and more significant damage to the domestic information infrastructure ..." The meaning of the proposal is obscured. In fact, the article does not clearly identify the tasks of the state in the field of information security. As a result, no specific solutions have been named. The author writes that "To solve these tasks, economically developed states of the so-called Western world are creating specialized structures for conducting subversive propaganda in the network space and cyber attacks," but does not offer anything specific. The scientist writes: "... the development of information and telecommunication technologies has led to the emergence of new terms in information law such as: "information weapons" and "information warfare", which require scientific understanding taking into account the modern geopolitical situation, characterized by increased information risks and threats, including in the field of ensuring digital and technological sovereignty of the state, its constitutional order and defense." The author himself does not explore the corresponding definitions of the concepts of "information weapons" and "information warfare" and does not offer his own definitions. The author argues "... about the variety of forms and methods of conducting information warfare and the need to form legal norms in domestic legislation that would regulate interrelated public relations in the interests of national security." The scientist does not name any directions for improving domestic legislation in this area. The bibliography of the study is presented by 12 sources (normative legal act, dissertation, monograph, scientific articles, analytical and statistical data). From a formal point of view, this is enough, but in fact the author failed to reveal the research topic with the necessary depth and completeness. The article is very superficial in its content. There is no appeal to opponents as such. The author refers to a number of sources used in writing the article to confirm his judgments or to illustrate certain provisions of the work (S. K. Kuznetsov, E. S. Zinoviev, etc.), but does not enter into a scientific discussion with specific opponents. The provisions of the work are not always justified to the proper extent. There are conclusions based on the results of the study ("... the development of information and telecommunication technologies has led to the emergence of new terms in information law such as: "information weapons" and "information warfare", which require scientific understanding taking into account the current geopolitical situation ... The current state of information warfare between various entities with their own national interests, indicates the diversity of forms and methods of conducting information warfare and the need to form legal norms in domestic legislation that would regulate interrelated public relations in the interests of national security. ... issues of countering modern challenges and threats should be considered at the national, international and interstate (regional) levels. Combining the efforts of states will make it possible to develop common legal mechanisms to counter the use of digital technologies for illegal purposes and strengthen stability"), however, they are of a general nature and are subject to clarification, taking into account the need to finalize the main part of the article. The article needs additional proofreading with the involvement of a philologist. It contains multiple typos, omissions of letters, spelling, punctuation, syntactic, and stylistic errors. The interest of the readership in the article submitted for review can be shown primarily by specialists in the field of international law, administrative law, information law, provided that it is substantially refined: clarifying the subject of the study, disclosing its methodology, additional justification for the relevance of the chosen research topic, introducing elements of scientific novelty and discussion, clarifying certain provisions of the work and conclusions according to the results of the study, the elimination of violations in the design of the article.

Second Peer Review

Peer reviewers' evaluations remain confidential and are not disclosed to the public. Only external reviews, authorized for publication by the article's author(s), are made public. Typically, these final reviews are conducted after the manuscript's revision. Adhering to our double-blind review policy, the reviewer's identity is kept confidential.
The list of publisher reviewers can be found here.

A REVIEW of an article on the topic "Priority tasks of ensuring information security in the context of modern challenges and threats". The subject of the study. The article proposed for review is devoted to topical issues of ensuring information security in the context of modern challenges and threats. The author substantiates and formulates as a list a set of priority tasks in the field of information security in these conditions. The subject of the study was the norms of legislation, the opinions of scientists, and the materials of practice. Research methodology. The purpose of the study is not stated directly in the article. However, the purpose of the study can be clearly understood based on the title and content of the article. The purpose of the study can be designated as the establishment of a system of priority tasks for ensuring information security in the context of modern challenges and threats. Based on the set goals and objectives, the author has chosen the methodological basis of the study. In particular, the author uses a set of general scientific methods of cognition: analysis, synthesis, analogy, deduction, induction, and others. In particular, the methods of analysis and synthesis made it possible to summarize and share the conclusions of various scientific approaches to the proposed topic, as well as draw specific conclusions from the materials of practice. The author notes that "The methodological basis of the study is an interdisciplinary approach to the study of the problem, using the provisions of philosophy, jurisprudence, sociology, political science, military science and other branches of scientific knowledge. In the process of researching the problems of legal provision of information security, general scientific methods (abstraction, analysis, synthesis, analogy, induction, deduction, modeling) were used." In particular, the author draws specific conclusions based on statistical data, which is important in the context of the purpose of the study. In particular, we note the following arguments of the author: "Examining the statistical data, it should be noted that the damage to Russia from cyber threats in 2018 amounted to more than 1 trillion rubles, in 2019 – 2.5 trillion rubles. [2] At the same time, in 2020, the damage amounted to 3.5 trillion rubles, and in 2021, according to preliminary data, it amounts to 7 trillion rubles [3]. Statistics show that the number of cyber attacks is increasing every year and their result is an increasingly significant damage to the domestic information infrastructure. Thus, experts note that the number of information attacks increases by 6.5% every year compared to the previous one [4]." Thus, the methodology chosen by the author is fully adequate to the purpose of the study, allows you to study all aspects of the topic in its entirety. Relevance. The relevance of the stated issues is beyond doubt. There are both theoretical and practical aspects of the significance of the proposed topic. From the point of view of theory, the topic of ensuring information security in the context of modern challenges and threats is complex and ambiguous. In a situation where public relations are changing under the influence of digitalization processes, public authorities, citizens, and other participants in legal relations must respond quickly and effectively to emerging security difficulties. The author is right that "Information, which is one of the main economic and political resources, expands the range of different ways of using it for educational, social, economic and cultural purposes, ensuring law and order, and for other socially significant purposes." Thus, scientific research in the proposed field should only be welcomed. Scientific novelty. The scientific novelty of the proposed article is beyond doubt. Firstly, it is expressed in the author's specific conclusions. Among them, for example, is the following conclusion: "based on the conducted research, it can be concluded that a combination of various risks, challenges and threats in the information space have intensified in the context of geopolitical changes and further digitalization of all spheres. At the present stage of development of society and the state, among the most urgent threats to national information security due to the dynamism of the information sphere, such threats can be identified as illegal influence on national information resources, information and telecommunications systems and information infrastructure, including critical information structures; the use of means and methods of spreading unreliable (fake) information for the purpose of disinformation of an indefinite range people using illegal methods and means, including cognitive methods of influencing the human psyche in order to disorganize and suppress the will; unauthorized interference in the national information space. Thus, the transformation of the information space in the context of geopolitical changes and the aggravation of socio-economic and international contradictions have determined a new vector for the development of legal regulation of information security." These and other theoretical conclusions can be used in further scientific research. Secondly, the author offers original generalizations about the set of priority tasks in the field of information security in these conditions. Thus, the materials of the article may be of particular interest to the scientific community in terms of contributing to the development of science. Style, structure, and content. The subject of the article corresponds to the specialization of the journal "Security Issues", as it is devoted to legal issues related to information security in Russia. The content of the article fully corresponds to the title, since the author considered the stated problems and achieved the research goal. The quality of the presentation of the study and its results should be recognized as fully positive. The subject, objectives, methodology and main results of the study follow directly from the text of the article. The design of the work generally meets the requirements for this kind of work. No significant violations of these requirements were found. Bibliography. The quality of the literature used should be highly appreciated. The author actively uses the literature presented by authors from Russia and abroad (Tereshchenko L.K., Tiunov O.I., Duben A.K., Popov I.M., Khamzatov M.M. and others). Many of the cited scientists are recognized scientists in the field of national security. Thus, the works of the above authors correspond to the research topic, have a sign of sufficiency, and contribute to the disclosure of various aspects of the topic. Appeal to opponents. The author conducted a serious analysis of the current state of the problem under study. All quotes from scientists are accompanied by author's comments. That is, the author shows different points of view on the problem and tries to argue for a more correct one in his opinion. Conclusions, the interest of the readership. The conclusions are fully logical, as they are obtained using a generally accepted methodology. The article may be of interest to the readership in terms of the systematic positions of the author in relation to the development of legislation and practice of its application in Russia in the field of information security. Based on the above, summing up all the positive and negative sides of the article, "I recommend publishing"