Duma supports govt bill ordering prison for cyberattacks on Russian state agencies
The Russian lower house Committees for Security and Information Policy have recommended passing a bill introducing prison sentences of up to 10 years for cyberattacks that disrupt data systems of state agencies and strategic industries.
Izvestia reported on Tuesday that several sources in the State Duma had informed it that the government bill ‘On Security of Critical Informational Infrastructure of the Russian Federation’ that is a part of the state doctrine of information security will be recommended for passing in the first reading.
The bill lists as critical informational infrastructure all data systems of state agencies as well as automated systems that manage technological processes at defense industry enterprises, in health, transport, communications, banking and also in the energy sphere, space industry, metals, chemical and mining industries.
The bill orders to make a special register of critical infrastructure objects with three degrees of importance. The general rules for including companies and agencies in the register will be written by the government, but the actual execution will be the responsibility of a separate federal body that is yet to be determined.
State Duma sources told Izvestia that the Federal Security Service, the FSB, was the most likely candidate for this job.
Once included in the register, the agencies and companies will have to purchase special means for detection and countering information attacks. They will also have to report all attempted hackings to security bodies and assist them in investigation of such incidents.
The bill also tightens the responsibility for certain computer crimes. Writing and spreading computer programs that deliberately target the critical data infrastructure of the Russian Federation will carry sentences of up to 10 years behind bars.
Deputy head of the State Duma Committee for Security, Ernest Valeyev, told reporters that the bill protects private enterprises in the same way as state companies and structures. He also noted that the bill was a reply to recent challenges experienced in many spheres.
“We have already registered attacks on the Central Bank structures, attempts have been made to attack the president’s website. However, today there is no law that would regulate such problems,” he said.
In December, Russian President Vladimir Putin signed into effect the latest version of the Information Security Doctrine. The document read, among other points, that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance.
To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT,” as well as neutralize psychological operations targeting “historical foundations and patriotic values.”