MOSCOW, December 7 (RAPSI) – A bill introducing criminal punishment for cyber attacks has been sumitted to the State Duma, the lower chamber of the Russian Parliament, according to its electronic database.

The Government has submitted to the State Duma a draft federal law on cybersecurity envisaging criminal responsibility of Russian nationals, foreigners, and stateless persons for attacks on crucial IT infrastructure, alongside disciplinary, civil, and administrative responsibility for such actions.   

The explanatory note attached to the bill reads that it is deemed feasible to introduce respective amendments to the Russian Criminal Code and Criminal Procedure Code taking into account the urgent need to step up legal protection of the crucial Russian IT infrastructure security in criminal law.

A new Criminal Code article ‘Illegal influence upon the crucial information infrastructure of the Russian Federation’ introduces various types of punishment for creating and distributing software or computer information deliberately aiming to have negative impact on such infrastructure, or to obtain unauthorized access to computer information protected by law contained therein, as well as misuse of equipment for storage, processing, or transmission of the respective data ranging from fines between 500,000 and 1 million rubles ($7,700 to $15,400), compulsory work for up to five years, or prison terms for up to 10 years.

The proposed law is in line with the new Russia’s Information Security Doctrine recently approved by President Vladimir Putin, which is aimed at reinforcing the country’s sovereignty, territorial integrity, maintaining political and social stability, protecting human and civil rights and liberties, as well as crucial IT infrastructure.

The document states that information technologies have extended over the globe becoming an integral part of all spheres, in which individuals, societies and states are active.

According to the new doctrine, the opportunities of cross-border circulation of data are increasingly used to achieve geopolitical, military and political (in contravention of international law), terrorist, extremist, and other illegitimate goals to the detriment of international security.

The state authorities are to strengthen the hierarchical structure of management of the computer systems, data processing and communications operators. Besides, the doctrine states, the state authorities are to improve certain aspects of functioning of the system ensuring information security.