The Russian government has prepared a bill that allows the Federal Security Service (FSB) to take measures against hackers who threaten the country’s information systems.
The bill has already been submitted to the parliament, Russian news agencies reported.
It includes some amendments to the law that regulates the operational and detective work of law enforcement agencies. In particular, the bill suggests allowing such work if there is a suspected threat to the security of national information. Previously, the law ordered action only when Russia’s state, military, economic or environmental security was in jeopardy.
The explanatory note to the bill reads that the information security threats have grown recently and that different states switched to direct confrontation in the cyber sphere. There are cases when foreign governments use malware as a cyber weapon.
Various hacker groups are also working on a broader scale, targeting the state data systems, financial institutions, educational organizations and mass media.
Presently, cybercrimes are investigated by the Interior Ministry, which has a dedicated directorate for such work. However, the FSB has more opportunities when it comes to foreign-based criminals, be they foreign government agents or international criminal networks.
The FSB has already started preparing to assume its new functions. In August this year the agency drafted a law that introduced jail terms of up to 10 years for unlawful access to computer information which threatens the national informational infrastructure. The same bill introduced criminal responsibility for careless handling of data carriers or use of data networks if it leads to damage to security and suggested punishment of up to seven years in prison for this.
According to the bill the FSB will set up a unified National Center for Computer Incidents that would oversee special devices embedded into the national electricity grid and other key infrastructure sites, as well as the national defense and law enforcement systems.
The FSB’s draft also provides that the federal power bodies divide all organizations and sites in the country into three categories of importance. The owners of these organizations and sites will be obliged to provide the FSB with full access to their data facilities and immediately report all suspicious computer incidents.