New challenges and threats in the digital space: security as a criterion for the development of information technologies

Duben' Andrei Kirillovich Scientific Associate, Institute of State and Law of the Russian Academy of Sciences; Assistant, Department of Civil and Administrative Proceedings, Russian State University of Justice 119019, Russia, Moscow region, Moscow, Znamenka str., 10 k.duben@mail.ru Other publications by this author

Security issues occupy one of the key values in the domestic and foreign policy of the state, determining national interests and strategic national priorities, the main directions of sustainable development of the state for the long term. The issues of ensuring information security are becoming more and more urgent in view of the global digital transformation of all spheres of life, as well as the aggravation of geopolitical contradictions and the strengthening of interstate information warfare ^[1]. Draws attention to the fact that each state primarily cares about its own national information sovereignty, including digital and technological aspects ^{[2, p. 120]}. An essential factor in the development of the national policy of the state is the information component. To confirm this position, we can cite the words of V.N. Lopatin, who in his dissertation research noted that the role of information security and its place in the national security system is formed by the state information policy, which is interconnected with the state policy of ensuring national security of the state through the information security system ^{[3, p. 85]}.

Within the framework of this article, the subject of the study is the norms of law regulating public relations in the field of legal provision of information security. The methodological basis of this work is the application of dialectical and systematic approaches, which made it possible to comprehensively investigate the posed scientific and practical problems in their development and interrelation.

The strategic importance of information security is confirmed by a number of federal-level documents approved by Decree of the President of the Russian Federation No. 400 dated July 2, 2021 "On the National Security Strategy of the Russian Federation", which are of basic importance at the present stage of development of society and the state. These documents are the main ones in the system of strategic planning documents, they require scientific understanding from the perspective of information law, because today, in the era of active digital transformation processes, the global crisis, also associated with the problems caused by the COVID-19 pandemic and geopolitical risks, their impact on the legal system, both international and national, is acutely felt ^{[4, p. 131]}. President of the Russian Federation Vladimir Putin at one of the open meetings of advisory bodies on information security issues emphasized: "New technological solutions generate new risks. We see that the global digital space often becomes a platform for fierce information confrontation, for unfair competition and cyber attacks <...> It is important to maintain the continuity of our strategic course on conflict prevention in the information space" ^[5]. In the conditions of increasing tension between Russia and its foreign political opponents, such a statement by the President of the Russian Federation seems especially important, since, in our opinion, it contains a call to public authorities and society to effectively counter the aggressive activities of foreign states that contradict the strategic course of the Russian Federation.

Currently, in connection with the events in the world and the possibility of remote information impact on the legal consciousness and worldview of people, the issue of security in the information sphere has been significantly updated. In particular, ensuring the reliability of information as the basis for the implementation of activities in the information sphere and the formation of a system of lawful actions of various persons. However, as O.V. Petrovskaya rightly noted, the main way to prevent unreliable information is to establish criteria for the reliability of information that will allow to counteract this process in the information environment. At the same time, fake news gets its further development with new world processes affecting the sphere of human activity and society as a whole ^{[6, p. 18]}.  So, today there is the use of various mechanisms of unlawful restriction of citizens' access to socially significant information, including in the system of official views in the Russian Federation on the specifics of national interests and the procedure for ensuring them. The so-called fake information promoted by unfriendly foreign states using their digital and technological advantage in their own interests to the detriment of the national interests of the Russian Federation has become widespread. This reinforces the importance of the formation of legal mechanisms for information and analytical activities to debunk false information disseminated in order to unlawfully achieve the advantages of some countries over others, as well as to counter these processes.

We believe that in order to implement the state policy in the information sphere, it is necessary to define the subject area of Russian legislation and build an integrated system in the field of security. We believe that the main directions of the implementation of the state information policy are: the guarantee and implementation of the constitutional rights of man and citizen; the security of information networks; prevention of vulnerability of information systems; development and improvement of information infrastructure; further interstate cooperation on information security and information protection.

Currently, the problem of concentration of control centers of digital technologies and various digital platforms by organizations operating under the jurisdiction of Western states is becoming more and more urgent. In this regard, one of the pressing issues today is the formation of legal mechanisms for international and interstate control over the development of the Internet information and communication network and digital platforms of international importance in the context of ensuring peace and law and order, as well as ensuring national information security. Thus, the state information policy should be based on the general principles of law in order to develop and improve information technologies, protect information and ensure information security, which will contribute to the further development of the information society within the state.

Modern digital technologies, having cross-border use, are now often based on software and hardware-software complex produced by foreign countries, although sometimes they are based on theoretical research and experimental design developments of Russian scientists. At the same time, insufficient practice of introducing the results of scientific research into information products has a negative impact on the productivity of the introduction of research and development achievements of Russian researchers and practitioners. This requires the need to form a set of organizational and legal measures in the field of development, implementation and commercialization of information products of domestic origin by promoting them on the Russian, regional and global markets, financing promising projects.

The training of competent personnel, including specialists in the field of information technology itself (programmers, testers, system administrators, etc.), as well as information security specialists of various profiles and specializations, is of great importance for the field of information security. It should be noted that personnel training at the bachelor's, specialist's and master's level, having a complex character, at the same time requires improvement, including educational and methodological materials aimed at the formation of not only engineering, computer, but also legal knowledge and legal culture. However, as a rule, the training of qualified personnel in the field of information security is carried out by technical universities that do not have the necessary teaching staff in the field of law. This sets the task of fixing the requirements for the legal knowledge of graduates at the level of by-laws and federal educational standards.

It is also important to create conditions for the development of innovative technologies on the basis of public-private partnership, which in the field of ensuring information security of Russia is determined by the interest of the parties in the active development of national information infrastructure on the basis of agreements within the framework of current Russian legislation. At the moment, one of the directions of development of public-private partnership in Russia is the interaction of the state and private entities in the field of information security through the transfer of information, database management, information support systems, protection of critical information infrastructure, etc. We believe that the instruments of this type of agreements make it possible to effectively involve the private sector in the implementation of state policy in the field of information security.

Within the framework of the provisions of the Information Security Doctrine of the Russian Federation, the interaction of public and private entities is permissible in cases of assessing the state of information security, forecasting and detecting threats in the information sphere, coordinating actions to improve information security, i.e. when implementing a risk-oriented approach ^{[7, p. 39]}. In this regard, political scientists rightly point out that the development of information and telecommunication technologies has led to the emergence of new terms, such as "information weapons" and "information warfare", which require scientific understanding taking into account the current geopolitical situation, characterized by increased information risks and threats, including in the field of ensuring digital and technological sovereignty of the state, its constitutional system and defense, while researchers have repeatedly drawn attention to the emergence of new types of information weapons that are created for illegal actions within individual information systems ^{[8, p. 141]}.

Thus, public-private partnership in Russia is formed at the stage of its development, the main purpose of which is to satisfy socially significant interests in the field of information security. At the same time, various forms of partnership provide effective solutions to priority goals and tasks of ensuring national security in the information space.

Today, in the field of organizational and legal provision of information security, the issue of developing a system of technical regulation is acute. Legal regulation and law enforcement practice in the field of certification, standardization of information security tools, as well as licensing, certification in information security activities requires scientific understanding from the perspective of information law and determining the place in the system of this industry. The regulatory and legal regulation of these issues does not always meet the requirements of the time. Thus, the Decree of the Government of the Russian Federation No. 608 of June 26, 1995 "On Certification of information security tools" was issued during the period of validity of the Law of the Russian Federation "On Certification of Products and Services" of 1993, which has become invalid. In addition, the provisions of the above-mentioned decree of the Government of the Russian Federation are aimed at regulating relations related to the confirmation of compliance with the requirements mainly to the means of protecting state secrets. The institutional and legal provision of information security is formed and developed "at the junction" of the branches of the information sphere and the sphere of security. We should agree with O.S. Makarov, who notes that "the legal provision of information security is conceptually built on existing systems of information legal relations (basic systems) and ensures the security of their progressive development" ^{[9, p. 73]}.

Currently, the requirements for mandatory certification of information security tools are established in relation to personal data information systems, automated processing of official information of limited distribution and other types of restricted access information. In this regard, the requirements for certification of confidential information protection tools are applied in many respects formally and without taking into account the specifics of various types of restricted access information. From the above, it can be concluded that there is a need for legislative changes in legal norms in the field of information security through the formation of unified approaches to organizational and legal measures to ensure the security of information systems and resources in the context of geopolitical changes and new challenges, threats in the information environment. These measures should contribute to countering socially dangerous acts, eliminating cyber attacks and preventing informational and psychological effects on human health and behavior.

In the science of information law, the importance of the Information Security Doctrine of the Russian Federation as a strategic planning document in the field under consideration, having a structured content and a clear form, is noted ^{[10, p. 43]}. This normative legal act creates an organizational and legal basis for the effective provision of information security in the state, the protection of the national interests of Russia and the personal interests of citizens in the information sphere ^{[11, p. 243]}. At the same time, it should be recognized that the changing socio-economic, geopolitical and other conditions for the implementation of information protection processes require the adoption of a new strategic planning act for the sphere of information security.

For the development of Russian legislation in the field of information security, it is necessary to develop and adopt a special federal law on information security ^{[12, p. 115]}. Although at present there is a certain system of regulatory legal acts, certain norms of which regulate legal relations in the field of information security. In particular, such regulatory legal acts include federal laws: "On the security of the critical information infrastructure of the Russian Federation", "On Information, Information Technologies and Information Protection", "On Personal Data", "On experimental legal regimes in the field of digital innovations in the Russian Federation" and a number of others. In this regard, we believe there is a need to adopt a special federal law on information security, taking into account state policy in the information space, national interests, including the specifics of the system of public authorities with authority in this area.

Consequently, the development of the current Russian legislation in the field of information security is necessary to improve the efficiency of public administration and interaction between various public authorities of the Russian Federation. In this regard, the importance of a systematic solution of issues related to the priority of security increases, taking into account the priority of digital technology security issues ^{[13, p. 34]}. At the same time, there are reasonable prerequisites for these legislative changes. In this regard, there is a question about the possibility of including certain legal norms in the domestic information legislation to the extent that such norms regulate relations in the field of performance by public administration bodies of functions ensuring security in the information sphere.

Thus, within the framework of this article, it can be concluded that there is a need for legislative consolidation at the federal level of the legal foundations of the national information security system in the Russian Federation in order to use information and legal means in the conditions of digitalization, the growth of geopolitical challenges and risks, the global socio-economic crisis, the formation of a multipolarity of the world, aimed at improving the security of Russian information resources, information systems and information infrastructure facilities.