The information security concept of Belarus


The information security concept of the Republic of Belarus (hereinafter referred to as ISC) was approved by Resolution No. 1 of the Security Council of Belarus dated March 18, 2018. The selected type of legal act to approve ISC is not a standard one. For example, the national security concept was approved by a presidential decree, the concept of combating terrorism was approved by the Council of Ministers, i.e. ordinary legal acts to regulate similar areas of government activity.

In Belarus, there is a need to create not just a concept, but an information security strategy with all the attributes inherent in this type of document: goals, objectives, criteria and indicators for assessing performance, implementation mechanisms, monitoring algorithm, expected results, etc. Perhaps, the main thing here is the appointment of responsible government agencies and interaction in related areas due to the fact that information operations can simultaneously affect various areas and full counteraction is possible only with quick mutually agreed measures implemented by various departments (in our conditions, when officials are sometimes afraid to speak publicly even in their field of activity, this is very important). An attempt to present a ISC for a foreign user (in terms of the introduced concepts of information sovereignty and neutrality) would be more successful, if the ISC developers formed it like a doctrine similar to the military one. In this regard, it can also be recalled that even measures to ensure national food security until 2030 are formalized in the form of a full-fledged doctrine approved by the Council of Ministers. But both strategy and doctrine are deeply developed documents with a clear understanding of what and when should take place as well as how to ensure this. The concept is just a sketch for the specified documents. Thus, the design of information security measures and the legal act by which ISC is approved testifies, at a minimum, only the initial steps in this direction (although in 2000 there was an attempt to develop a law on information security, and the ISC project was submitted to the members of the Security Council for consideration in 2005). Previously, the Security Council only endorsed concepts and doctrines, then submitted them for the approval. In fact, ISC can also be approved by a decree later.

In whole, an attempt to approach ensuring information security systematically (as always in Belarus, with a big delay), albeit at this level, should be evaluated positively. The positive aspects of ISC include the following:

— introduction of the definitions of “information sovereignty” and “information neutrality”. These concepts to a greater extent bear the PR component for subsequent initiatives, repeatedly raised by various countries, including Belarus, on the formation of international law in terms of non-interference in the sovereign information space of the state, by analogy with physical territory and political independence. This is a good move for political advertising in the international arena;

— an approach to ensuring information security aimed not only at neutralizing, but also at preventing information risks, challenges and threats, preparing scenarios and crisis response plans for information security threats, implementing information containment policies;

— ensuring the right of citizens to privacy and other secrets protected by law, the protection of personal data, the creation of an authorized subject (s) to protect the rights of individuals during the processing of their personal data (the draft law “On the protection of personal data” regulating legal relations);

— introduction of terminology and measures relating to cybersecurity. ISC states that the Republic of Belarus has the strategic goal of developing a cybersecurity system, national cyber-risks insurance markets and penetration testing services (the latter is rather ambiguous, since it can be a source of data leakage for users working only on trust to penetration testers but not having the right of controlling testers);

— securing the interest of the state in consistently reducing the number of state bodies and organizations with the authority to classify information as well as the total amount of state secrets, while at the same time guaranteeing effective protection of protected information, protection against unjustified secrecy, concealment, untimely dissemination or provision of information;

— the introduction of public-private partnership in order to attract competences, personnel, technology, capital of private enterprises, increase the efficiency of using budget funds and assets of enterprises, jointly develop and implement investment and other projects in the field of information security.

At the same time, many ISC provisions are purely declarative, both for objective reasons and for subjective views of the authorities. For example, from the point of view of information security of the Belarusian people, the following provisions are really positive: “taking measures at the state level to increase the volume, diversity and quality of national content”, taking into account “erosion of the national mentality and identity”, understanding of the importance of the national language, “expansion of social functions and communicative abilities of the Belarusian language, its full and comprehensive development together with other elements of the national culture are a guarantee of humanitarian security of the state”.» These provisions, in general, have nothing new — all of them, in one way or another, derive from other legal acts of Belarus. For example, the 2010 national security concept noted that “special attention will be paid to consistently improving the quality, volume and competitiveness of national content, which is designed to occupy a dominant position within the country, and its promotion into the external information space.”

As we see in practice, this has not led to anything serious. When it comes to the practical implementation of the popularization of the Belarusian language, the classic speeches of officials are heard: “Belarusian language should not be opposed to Russian”, “national content does not mean that it will be in Belarusian”, etc. As for the erosion of the national mentality and identity, there is only one threat to them now — the informational and psychological impact of Russia (the West with its filmmaking, pop culture, etc., cannot be compared with the Russian influence). Moreover, the authorities themselves contribute to the realization of this threat both as part of a personal initiative (“Russian with a quality mark”) and legally in the framework of agreements with Russia on cultural interaction, the information field of the so-called “Union State”, etc. It is important to note that such an erosion is going on in all age groups: among young people it is the influence of Russian subcultures, bloggers; among the people of mature age — work, business, television; the elderly have maintained the Soviet basis of self-identification, which is fuelled by television. At all levels there is no serious opposition to this. Moreover, in terms of the formation of strategic security at the youth level, such issues are not discussed (based on ISC and official speeches, even national content is understood as the content of state-owned media and TV, while nothing is said about youth, subcultural and new media content).

The ISC states that it defines strategic objectives and priorities in the field of information security. However, in fact, at least in terms of the information and psychological component of information security it doesn’t. In the legal provision of information security (judging by the regulatory legal acts in this area) the authorities consciously ignore, perhaps, the most strategically important aspect — education (why this is done is a separate question). In ISC, education is mentioned only in the context of training for information security. The recent establishment of the minimum positive points for “centralized enrolee testing” testifies to a drop in the level of education and its formalization. But, since the attitude of the authorities to education is situational rather than strategic, such problems for the authorities are not subject to consideration within the framework of national information security.

ISC doesn’t mention such important trends in people’s minds like “clip character” thinking, a shift in the understanding of the world from abstract and logical to sensual, reduced ability to retain complex objects in thinking and attention, perspective development of the brain-computer interface and other important trends, without which it is impossible to form a truly information security strategy. All these trends are being actively studied, some have entered into a number of doctrines and concepts (including in Russia), so the depth of the “exclusively national product” is quite questionable. At the moment, the ISC itself is more like a five-year plan document for the authorities.

The concept in most provisions contains rules that are strictly regulatory and prohibitive, and almost nothing is told about stimulating the development of certain aspects of information security, which is quite contradictive. For example, there is the above mentioned need to ensure the competitiveness of national content, but at the same time, “the state provides legal support to domestic media aimed at improving the quality of an audiovisual product and expanding thematic and genre diversity of programs, … including through legislative regulation of the volume and quality of foreign broadcasting in the Republic of Belarus, regulation of the volume of advertising services, determination of optimal conditions for registration”.  So, the ISC does not imply measures to stimulate content improvement and competitiveness, but, on the contrary, using a monopoly, destroys competition. This, of course, leads not to quality increase, but to its decline. Here, it is appropriate to mention clause 98 of the ISC, where the development of public-private partnership (hereinafter referred to as PPP) is noted in the field of information security as support for domestic producers of information systems software and information security systems. There is no mention of PPP in the information and psychological component of information security and in the formation of national content. This is understandable: this part was most likely written by the HTP or IT lobbying authorities. Therefore, in many respects, and also taking into account the Security Council’s staff, the ISC is more technical rather than psychological in nature. Which is proven by both the technocratic approach to the dominance of prohibitions over stimuli, and by the absence of elaboration on the psychological component.

According to ISC, the main sources of information-psychological threats in the information sphere include the informational confrontation between the world’s leading centres of power, the purposeful formation of information reasons for discrediting the state foreign and domestic policy inside and outside the country. Which means targeted actions of other states or non-state actors (psychological operations, soft power activities, etc.) on influencing national mentality, reducing the level of self-consciousness of the Belarusian people, etc. ISC does not refer to threats of an information and psychological nature. A number of other provisions allow us to conclude that the ISC is aimed at ensuring the information security of the authorities (their domestic and foreign policy), and not of the people.

According to ISC, one of the priorities is the support for the preservation of traditional social principles and values ​​in society. It is important to remember who now bears the “traditional values” in the world — our neighbour Russia. When it comes to the promotion of traditional values ​​in many ways it comes down to the banal identification of the West with homosexuals for its demonization in the eyes of our citizens, and not the actual promotion of family values ​​(it is possible to assess the “quality and level” of the latter by statistics of divorces and domestic violence). This position of the ISC will formally allow simply to conduct anti-Western and / or pro-Russian propaganda, which is often the case. Moreover, this provision can provide carte blanche to such organizations as the Russian orthodox church, “cossacks” and other pro-Russian structures for activities in our schools, the formation of “patriotic” camps, etc. under the auspices of the propaganda of the same “traditional values”. It is necessary to mention here that “the provisions of the ISC are used in the implementation of projects by the organizations involved in public life and citizens’ initiatives”. But the only question is which organizations and citizens will be involved in the implementation of the ISC: for example, whether Russian orthodox church will be one of them.

Returning to the technical aspects of the ISC, which directly affect the psychological component, we should note the implementation of measures at the state level in order to reduce anonymity in the information space. On the one hand, such a policy should lead, for example, to reducing the influence of foreign “trolls”, which is good. But in practice, in terms of commentators on information resources, this can lead to the opposite, when the trolls, who always find a way to log in and write comments, will feel ok, while real people will leave because of the need to sign up, etc. This means that the formation of public opinion will be easier for non-Belarusian actors.

As we already mentioned above, an important aspect is the imposition of responsibility and the granting of powers to state bodies and other organizations as well as the establishment of the procedure for their interaction. Of course, in concepts this is not always an obligatory requirement. However, the ISC states that the response to risks and challenges in the information sphere is carried out by all state bodies and organizations without exception in accordance with the scope of their activities according to their intended purpose as fully and efficiently as possible. Interaction between authorities is not mentioned. The ISC directly mentions only one state body (more precisely, the structural component of the state’s military organization) — the Armed Forces of the Republic of Belarus, which are taking measures to ensure information security as part of the assigned tasks for their immediate purpose using modern, high-tech forces and means.

As indicated in the ISC, in the event of a significant complication of the information environment, including the need to ensure the military security of the state, additional measures to protect the information sphere by legal, information technology, technical and other methods (information confrontation) are taken and priority communication between the military system of the state and civil sector is organized. Again, it is clear that priority is given to technical methods of information confrontation. But the information-psychological confrontation differs from the technical one (although not always). In large-scale operations it begins smoothly and is little noticeable, and it is not always possible to identify the “significant complication” of the situation, especially without having indicators and evaluation criteria.

In general, the ISC can be attributed to the positive trends in the work of the authorities in the information sphere, but with the understanding that the ISC is aimed at ensuring information security of the authorities, not the people. It is designed for the formation of documents regulating legal relations in this area in time up to 10 years. Of course, there are useful provisions in the ISC for ensuring the national information security, but there are doubts that all of them will be fully implemented in practice.