In December 2016, Russian President Vladimir Putin approved a new information security doctrine, which updates the older 2000 version. The doctrine, a system of official views on the insurance of the national security of the country in the information sphere, regards the main threats to Russia’s security and national interest from foreign information making its way into the country, and sets priorities for countering them.
Russian Information Security Doctrine
According to the document, one of the main purposes of information security is to ensure strategic deterrence and prevent military conflicts that may arise during the use of information technologies. Areas of concern include “information-psychological” methods by foreign intelligence agencies bent on influencing its population with online information; attacks on systems of “information support for democratic institutions” and the spread of harmful, false information; and the “increasing scale of certain countries and organizations using information technologies for military and political goals.” Of particular note, the doctrine cites the importance of creating a system of non-contentious inter-state relations in the information field.
Russia’s new information security doctrine dovetails with China’s recent passing of its new cyber security law. There has been increased cooperation between Russia and China on information security-related issues, with both governments maintaining that sovereignty in cyber space and the ability to counter all information-based threats are inherent government rights. In April 2016, the two governments established the first-ever China-Russia cyber forum, which was held in Moscow and was attended by prominent representatives of both governments including Lu Wei, the head of China’s state internet information office, Fang Binxing, the so-called father of the Great Firewall, and Igor Shchyogolev, President Vladimir Putin’s assistant on internet issues and former minister of communications.
The recent activities of the two countries are indicative of building on the foundation created by the April forum. Indeed, many of Russia’s recent moves with respect to information security bear striking resemblance to those already done by China such as passing or drafting legislation with information security components (e.g., December 2016 amendments to the Russian Criminal Code and Criminal Procedure Code, in addition to the revamped Information Security Doctrine). While some reports suggest that China and Russia have been collaborating on information sharing to better regulate and censor the Internet, this may an alarmist reaction that misses the more important point that these two governments are concentrating on the root of the threat as they perceive it – information – and less about the vehicle that carries it.
Getting governments on the same cyber security page continues to pose challenges as disagreements are found in trying to find a common lexicon from which to start. Broadly speaking, the West favors a technological focus and prefers a “cyber security” nomenclature, whereas governments from China and Russia prefer “information security,” pointing out that information as much as the technology on which it overrides is as potentially a dangerous weapon. The U.S. may have inadvertently given legitimacy to this position when President Obama cited “fake news” as a concern that could “poison politics,” and essentially influence how people vote. This is the very concern being expressed by China and Russia when they always include information as part of the larger security talks and its potential effect on social, cultural, and psychological aspects of a population.
What remains to be seen is how the recent accusations of Russian hacking to influence the U.S. elections may actually encourage other nations to view hostile information as a destabilizing agent. China and Russia have led two proposals for nation state code of conduct in cyberspace to the United Nations, with an agreement among future signatories ”not to use information and communications technology to interfere in the affairs of other states with the purpose of undermining, political, economic, and social stability.” Those governments wishing to preserve this right as well as their autonomy in cyberspace may be continually drawn to China’s/Russia’s perspective, particularly as the gap between cyber and information security is closely interwoven, and a focus on just the technology in this day and age is turning a blind eye toward the reality of the potential dangers of the information space.
And in the end, that may be one underlying motive behind the alleged “hacked” U.S. elections – not just to put a specific candidate into office, but to bring to light why information is dangerous at a national level and cannot be separated from the technology it uses to communicate. And from this perspective, the Chinese/Russian preference for information security instead of cyber security may be more indicative of today’s reality than the West wants to acknowledge.