The Internet of Things in the Russian Federation: Integrated Security

The Internet of Things in the Russian Federation: Integrated Security

Anna Zharova (Higher School of Economics University, Russia & Institute of State and Law RAS, Russia) and Vladimir M. Elin (National University of Oil and Gas “Gubkin University”, Russia)
DOI: 10.4018/978-1-7998-5068-7.ch014
OnDemand PDF Download:
Available
$37.50
No Current Special Offers
TOTAL SAVINGS: $37.50

Abstract

The chapter presents a study on ensuring the information security of the Russian Federation in the field of the internet of things (IoT), an analysis of Russian state policy in this field and methods for its implementation in terms of technical and legal regulation, and the directions of state development in field creating a system of regulation of relations in the field of IoT. To present the general picture of the state's opposition to the risks and threats arising from the use of the IoT, a comparison is made of the risks and threats used by the FSTEC of Russia and ENISA. The authors disclose Russian approaches to ensuring information security, reflected in state strategic documents, including the strategy adopted in 2015 in the field of ensuring information security by switching to their own information technologies. In conclusion, recommendations are made for government bodies and users to ensure integrated information security.
Chapter Preview
Top

Introduction

Over the past four years, Russia has adopted strategic programs to develop fields related to information technology (IT). These include artificial intelligence (AI), strategic computer technologies, information and communication technologies (ICTs) and systems, narrow-band wireless networks of the Internet of things (IoT), and the digital economy ecosystem. AI is used to identify criminals and sources of danger, risks, and threats associated with the IoT, as well as ensure information security. Since 2015, the Russian Federation has ensured its information security through a course on the import of substitution software and IT used by state structures. In addition, commercial organizations have been working in the field of critical information infrastructure since 2019.

When implementing these tasks, difficulties arise regarding the development of IT, Russian standards, and the regulatory framework for information security. Difficulties also impact user identification and authentication of IoT devices.

As a result of the development and use of ICTs, the number of connected devices on the Internet (and those entities that use such devices) are increasing. This creates a problem related to ensuring information security.

There is an exponential growth of information available on the Internet that is of interest to third parties. According to the Kaspersky Security Network (KSN):

Kaspersky Lab solutions repelled 843,096,461 attacks that were carried out from Internet resources hosted in 203 countries of the world. 113,640,221 unique URLs to which the web antivirus worked were recorded. Attempts to launch malware to steal money through online access to bank accounts are reflected on the computers of 243,604 users. Encryptors attacks are reflected on the computers of 284,489 unique users. File antivirus detected 247,907,593 unique malicious and potentially unwanted objects, etc. (Kaspersky, 2019)

A larger number of connected devices makes it more difficult to ensure integrity, accessibility, and confidentiality. First, devices record and process restricted information, including personal data. Second, the Russian Federation does not have requirements for mandatory certification of Internet devices. This creates several systemic problems at various levels of the network architecture. For example, most gadgets collect and store personal information in their clouds or on servers (Zharova et al., 2017). Therefore, there is concern related to information security of storage on remote devices and information systems. Thus, questions of placement, storage rules, IT interaction, and information security need careful legal and technical regulations.

In the Russian Federation, the levels of legal and technical regulations are independent. In fact, in most situations, they do not interact with each other. In this work, the authors aim to prove that ICT security is possible through close interaction of these levels. The authors demonstrate this idea using Russian information security solutions.

The following section provides an analysis of Russian state policy in the field of IT security. It studies implementation methods in terms of technical and legal regulations. The authors offer approaches to the problems of ensuring IoT security by generalizing the problems presented in technical research and offering solutions through legal regulation. They developed practical proposals for the use of regulations of the FSTEC of the Russian Federation together with the ENISA recommendations for the providing the Integrated security of the Internet of things. The study discussed the problem of eliminating technologies with preinstalled malware by developing a system of standards that include integrated security methods. In conclusion, authors substantiate the need for the interaction of legal and technical regulation and analyze the Russian state policy in ensuring the security of IT and methods for implementation from the point of view of technical and legal regulation.

Complete Chapter List

Search this Book:
Reset