MOSCOW, July 7 (RAPSI) – The State Duma passed in the second reading on Friday a bill on criminal penalty of up to 10 years in prison for cyberattacks against Russia’s critical information infrastructure.

The bill submitted by the Government envisages criminal responsibility of Russian nationals, foreigners, and stateless persons for attacks on crucial IT infrastructure, alongside disciplinary, civil, and administrative responsibility for such actions. 

An explanatory note to the bill reads that it is deemed feasible to introduce respective amendments to the Russian Criminal Code and Criminal Procedure Code taking into account the urgent need to step up legal protection of the crucial Russian IT infrastructure security in criminal law.

A new Criminal Code Article ‘Illegal influence upon the crucial information infrastructure of the Russian Federation’ would introduce various types of punishment for creating and distributing software or computer information deliberately aiming to have negative impact on such infrastructure, or to obtain unauthorized access to computer information protected by law contained therein, as well as misuse of equipment for storage, processing, or transmission of the respective data ranging from fines between 500,000 and 1 million rubles ($8,300 to $16,500 at the current exchange rate), compulsory work for up to five years, or prison terms for up to 10 years.

The proposed legislation is in line with the new Russian Information Security Doctrine recently approved by President Vladimir Putin, which is aimed at reinforcing the country’s sovereignty, territorial integrity, maintaining political and social stability, protecting human and civil rights and liberties, as well as crucial IT infrastructure.

The document states that information technologies have extended over the globe becoming an integral part of all spheres, in which individuals, societies and states are active.

According to the new doctrine, the opportunities of cross-border circulation of data are increasingly used to achieve geopolitical, military and political (in contravention of international law), terrorist, extremist, and other illegitimate goals to the detriment of international security.

The state authorities are to strengthen the hierarchical structure of management of the computer systems, data processing and communications operators. Besides, the doctrine states, the state authorities are to improve certain aspects of functioning of the system ensuring information security.