Russia’s lower house has approved a bill that defines which of the country’s informational infrastructure is to be considered critical, while setting a maximum sentence of 10 years imprisonment for hackers that attack it.
In the final draft of the bill published on the State Duma’s website, critical informational infrastructure is defined as data systems and telecommunication networks belonging to Russian state bodies and agencies, as well as automated control systems used in the defense industry, healthcare, communications sector, transport, banking and finance, energy industry, and several more industry sectors, like the nuclear, space, and fuel. The list also includes organizations engaged in science and research.
The head of the lower house’s Committee for Informational Technology and Communications, MP Leonid Levin, said the draft also orders the creation of a National Coordination Center for Computer Incidents – an “organization created by a federal body of executive power and charged with the task of creating and running a state system for detecting and preventing hacker attacks and repairing the damage inflicted by such attacks on the data resources of the Russian Federation.”
The bill also gives a yet to be identified authority the responsibility of drawing up the full list of objects to be considered critical informational infrastructure. These can be owned by Russian companies, private persons, or foreign citizens or companies, but their interests must be officially represented by Russian legal entities.
The same bill also stipulates that exerting “unlawful influence” on the critical informational infrastructure of the Russian Federation is to be punished by up to 10 years in prison, along with an official ban on assuming certain posts.
The bill now needs to be approved by the upper house and signed by the president to become law. If everything goes smoothly, it is expected to come into force on January 1, 2018.