Protection of critical information infrastructure as a new institute of legally enforcing information security
Keywords:
cyberterrorism, critical information infrastructure, CII, categorization of CII objects, information security, information protection, legislation, computer attack, GosSOPKA, cybercrime, criminal responsibility
Abstract
The article examines legal problems of ensuring the security of critical information infrastructure (CII). It describes examples of major cyberattacks and their consequences, which significantly affected the political, economic and international situation in different countries. The federal law “About the security of critical information infrastructure in Russian Federation” and the system of related departmental by-laws are analyzed. The concept of CII objects, the rules for their categorization, the criteria applied for this purpose and the procedure for maintaining the Register of significant CII objects are described. The milestones and the organizational, legal and technical features of developing and commissioning a security system for CII objects in accordance with the requirements of the Federal Service for Technical and Export Control of Russia are investigated. The functional purpose, tasks and structure of the State system for detection, prevention and elimination of the consequences of computer attacks are described. Procedures for exchanging information about computer incidents between CII entities and public authorities are investigated. Legal problems of criminal prosecution for illegal impact on CII objects are identified. It is concluded that legislation on the security of critical information infrastructure needs improvement.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.