Violating the Rules of Centralized Management of Technical Means of Counteracting the Threats to Information Security

Objective: to acquire new knowledge about the liability for violating the rules of managing technical means of counteracting the threats to information security; to elaborate theoretical recommendations and proposals for improving legislation and law enforcement.

Methods: the methodological basis of the research is a set of scientific cognition methods, including abstract-logic, dogmatic, comparison, etc.

Results: based on studying documents and publications, the following conclusions were made: 1) the measures taken at the national level for regulating the relations associated with introduction of technical means of counteracting the threats generally comply with the provisions of the Doctrine on information security of the Russian Federation; 2) one of the main directions of development of the foreign legislation on telecommunications is building a system of public-private interaction, in which communication operators would perceive the information security problem not as their internal task but as an element of the overall security of the state. In this regard, one may clearly trace the statement of the need to efficiently control the activities of communication operators, first of all, in the sphere of the newly introduced standards providing cyber resilience; 3) regulation of relations in the sphere of managing the technical means of counteracting threats in Russia is characterized by their multiplicity, multi-leveledness, hence, rather predictable complexity; 4) the model of communication operators’ liability for violations in the field of exploitation of technical means of counteracting threats, implemented in Article 274.2 Of the Russian Criminal Code, is not optimal. Rather disputable is the approach to describing the administratively prejudicial elements of crime. Despite the significance of the relations, the possibility of a criminal-legal reaction to a particular incident appears not in connection with the occurrence of certain publicly dangerous consequences and not even with the traditional recurrence, but only with the third documented violation. We consider more preferable the model of criminalization of violating the management of technical means of counteracting threats depending on infliction of substantial harm to the rights and legal interests of citizens or organizations, or the legally protected interests of the society or the state.

Scientific novelty: the novelty of the research is mainly due to the actual underdevelopment of the issues related to the legal definition and implementation of criminal liability for violating the rules of centralized management of technical means of counteracting the threats to sustainability, security and integrity of functioning of the telecommunication network Internet and the general purpose communication network in the territory of the Russian Federation.

Practical significance: the main provisions and conclusions of the research can be used for improving the mechanism of criminal-legal protection of information security, further development of the Russian doctrine of criminal law on liability for crimes in the sphere of computer information.

1. Bitzer, M., Häckel, B., Leuthe, D., Ott, J., Stahl, B., & Strobel, J. (2023). Managing the Inevitable – A Maturity Model to Establish Incident Response Management Capabilities. Computers & Security, 125, 103050. https://doi.org/10.1016/j.cose.2022.103050

2. Bokshitskii, V., & Meltseva, I. (2017). Improving the protection of socially significant information resources. Voprosy Kiberbezopasnosti, S2(20), 11–14. (In Russ.).

3. Boughton, N. (2019). Protecting infrastructure from cyber attack. Network Security, 2019(4), 18–19. https://doi. org/10.1016/S1353-4858(19)30051-0

4. Broadhead, S. (2018). The contemporary cybercrime ecosystem: A multi-disciplinary overview of the state of affairs and developments. Computer Law & Security Review, 34(6), 1180–1196. https://doi.org/10.1016/j. clsr.2018.08.005

5. Cascavilla, G., Tamburri, D. A., & Van Den Heuvel, W. (2021). Cybercrime threat intelligence: A systematic multivocal literature review. Computers & Security, 105, 102258. https://doi.org/10.1016/j.cose.2021.102258

6. Colding, J., Colding, M., & Barthel, S. (2020). Applying seven resilience principles on the Vision of the Digital City. Cities, 103, 102761. https://doi.org/10.1016/j.cities.2020.102761

7. Dremliuga, R. I. (2022). Criminal-legal protection of digital economy and information society against cybercriminal infringements: doctrine, law, law enforcement: monograph. Moscow: Yurlitinform. (In Russ.).

8. Dremliuga, R. I., Korobeev, A. I., & Fedorov, A. V. (2017). Cyberterrorism in China: Criminal Law and Criminological Aspects. Russian Journal of Criminology, 11(3), 607–614. (In Russ.). https://doi.org/10.17150/2500- 4255.2017.11(3).607-614

9. Efremova, M. A. (2018). Criminal-legal protection of information security: monograph. Moscow: Yurlitinform. (In Russ.).

10. Elchaninova, N. B. (2020). Protection of critical information infrastructure as a new institute of legally enforcing information security. Information Society, 2, 58–65. (In Russ.).

11. Espinoza-Zelaya, C., & Moon, Y. B. (2022). Resilience Enhancing Mechanisms for Cyber-Manufacturing Systems against Cyber-Attacks. IFAC-PapersOnLine, 55(10), 2252–2257. https://doi.org/10.1016/j.ifacol.2022.10.043

12. Hausken, K. (2020). Cyber resilience in firms, organizations and societies. Internet of Things, 11, 100204. https://doi.org/10.1016/j.iot.2020.100204

13. Hoheisel, R., Van Capelleveen, G., Sarmah, D. K., & Hartel, P. H. (2023). The development of phishing during the COVID-19 pandemic: An analysis of over 1100 targeted domains. Computers & Security, 128, 103158. https://doi.org/10.1016/j.cose.2023.103158

14. Horsman, G. (2021). Digital evidence and the crime scene. Sci. Justice, 61(6), 761–770. https://doi.org/10.1016/j. scijus.2021.10.003

15. Khisamova, Z. I., & Begishev, I. R. (2022). Digital crime in the context of a pandemic: main trends. Russian Journal of Criminology, 16(2), 185–198. (In Russ.). https://doi.org/10.17150/2500-4255.2022.16(2).185-198

16. Kouloufakos, T. (2023). Untangling the cyber norm to protect critical infrastructures. Computer Law & Security Review, 49, 105809. https://doi.org/10.1016/j.clsr.2023.105809

17. Krasinsky, V. V., & Mashko, V. (2023). Cyberterrorism: criminological characteristics and qualification. State and Law, 1, 79–91. (In Russ.). https://doi.org/10.31857/S102694520024122-5

18. Lallie, H. S., Shepherd, L. A., Nurse, J. R. C., Erola, A., Epiphaniou, G., Maple, C., & Bellekens, X. (2021). Cyber security in the age of COVID-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, 102248. https://doi.org/10.1016/j.cose.2021.102248

19. Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, 8176–8186. https://doi.org/10.1016/j.egyr.2021.08.126

20. Li, Y., Tong, Y., & Giua, A. (2020). Detection and Prevention of Cyber-Attacks in Networked Control Systems. IFAC-PapersOnLine, 53(4), 7–13. https://doi.org/10.1016/j.ifacol.2021.04.001

21. Luzyanin, S. G., & Troshchinsky, P. V. (2018). Ensuring China’s national security at the present stage (normative and legal aspect). Journal of Foreign Legislation and Comparative Law, 1, 60–69. (In Russ.). https://doi.org/10.12737/art.2018.1.8

22. Mohamed, D. (2013). Combating the threats of cybercrimes in Malaysia: The efforts, the cyberlaws and the traditional laws. Computer Law & Security Review, 29(1), 66–76. https://doi.org/10.1016/j. clsr.2012.11.005

23. Nguyen, C. L., & Golman, W. (2021). Diffusion of the Budapest Convention on cybercrime and the development of cybercrime legislation in Pacific Island countries: ‘Law on the books’ vs ‘law in action’. Computer Law & Security Review, 40, 105521. https://doi.org/10.1016/j.clsr.2020.105521

24. Pikurov, N. I. (2009). Qualification of crimes with blanket characteristics of the components of crime: monograph. Moscow: Russian State Academy of Justice. (In Russ.).

25. Prasad, R., & Moon, Y. (2022). Architecture for Preventing and Detecting Cyber Attacks in Cyber-Manufacturing System. IFAC-PapersOnLine, 55(10), 2246–2251. https://doi.org/10.1016/j.ifacol.2022.10.042

26. Qamar, S., Anwar, Z., & Afzal, M. (2023). A systematic threat analysis and defense strategies for the metaverse and extended reality systems. Computers & Security, 128, 103127. https://doi.org/10.1016/j.cose.2023.103127

27. Tonhauser, M., & Ristvej, J. (2019). Disruptive acts in cyberspace, steps to improve cyber resilience at National Level. Transportation Research Procedia, 40, 1591–1596. https://doi.org/10.1016/j.trpro.2019.07.220

28. Truntsevsky, Yu. V. (2019). Unlawful impact on critical information infrastructure: the criminal liability of its owners and operators. Journal of Russian Law, 5(269), 99–106. (In Russ.). https://doi.org/10.12737/art_2019_5_9

29. Tsao, K. Y., Girdler, T., & Vassilakis, V. G. (2022). A survey of cyber security threats and solutions for UAV communications and flying ad-hoc networks. Ad Hoc Networks, 133, 102894. https://doi.org/10.1016/j. adhoc.2022.102894

30. Ye, W., & Zhao, L. (2023). “I know it’s sensitive”: Internet censorship, recoding, and the sensitive word culture in China. Discourse, Context & Media, 51, 100666. https://doi.org/10.1016/j.dcm.2022.100666

31. Zharova, A. K. (2022).The legal regulation of relations in the sphere of prevention of possible information technology vulnerabilities. Bezopasnost biznesa, 1, 19–26. (In Russ.). https://doi.org/10.18572/2072- 3644-2022-1-19-26