Analysis of current regulations in the field of cybersecurity of critical information infrastructure of the Russian Federation

Abstract

The paper is devoted to a complex analysis of the current system of regulations in the field of security of critical information infrastructure (CII) facilities of the Russian Federation from the point of view of the logic of formation of the legal basis and the chronology of their creation, the results of which have provided a systematic regulatory framework for the security of CII facilities. The main directions of legislative activity in the field of security CII of the Russian Federation have been highlighted and a classification of the current legal acts in terms of it’s requirements has been proposed..The evolution of the content of the regulatory system to ensure the security of significant CII facilities has been described. The results of the analysis led to the conclusion that the state and regulators in the field of IS has developed a sufficient regulatory framework that defines the basic rules, procedures and requirements for the process of categorization, monitoring of its results, as well as providing information security of significant CII facilities. At the same time, on the basis of the experience of categorization of significant objects of the gas industry by the heat and power complex of the Russian Federation, a hypothesis has been made that the establishment of the information security system at specific significant CII sites (e.g., a variety of types of CII objects and areas of activity of CII entities) will require not only the application of existing legal instruments, but also the development of existing sectoral methodical documents in the field of categorization of objects of CII and in the field of construction of the information security system, taking into account their sectoral characteristics.