The list of branch indices of the level of damage caused to national interests of the Republic of Belarus for highly important entities of informatization in science and technology
Approved by the Order of the State Committee on Science and Technology of the Republic of Belarus no. 210 of June 8, 2012
1. Indices of highly important entities of informatization.
1.1. The entities in order of importance: highly important sensitive facility; highly important entity; special sensitive facility; important entity, sensitive facility; non-sensitive facility, low-important entity.
1.2. Functional area of the entity of informatization:
- support of the functioning of a highly important sensitive facility;
- support of the functioning of a highly important entity;
- support of the functioning of a special sensitive facility;
- support of the functioning of a sensitive facility;
- support of the functioning of an important entity;
- support of the functioning of a low-important entity;
- support of the functioning of a non-sensitive facility.
1.3 The category of information processed at the entity of informatization:
- Information containing state secrets of the category “the state secret and the official secret”;
- Information containing state secrets of the category “the state secret”;
- Information containing state secrets of the category “the official secret”;
- Special sensitive information not containing state secrets.
1.4 Aspects of the ensuring of information safety and physical security:
- ensuring of integrity and confidentiality of information and accessibility to the object of informatization and processed information;
- ensuring of integrity of information and accessibility to the object of informatization and processed information;
- ensuring of confidentiality of information and accessibility to the object of informatization and processed information;
- ensuring of integrity and confidentiality of processed information;
- ensuring of integrity of processed information;
- ensuring of confidentiality of processed information;
- ensuring of accessibility to the object of informatization and processed information;
1.5 The ensured level of information safety and physical safety of the object:
- basic level of information safety and physical safety;
- extended level of information safety and physical safety;
- intensified level of information security and physical safety.
1.6 Potential danger level of the object:
- accidents which may be a source of interstate emergency situations;
- accidents which may be a source of state emergency situations;
- accidents which may be a source of regional emergency situations;
- accidents which may be a source of domestic emergency situations;
- accidents which may be a source of local emergency situations.
List of measures oriented to the enhancement of protection of highly important entities of informatization:
1. Rating highly important entities of informatization as the ones of the area of science and technology. A highly important entity of informatization (HIEI) refers to the entity of informatization which malfunction may cause negative implications for the protection, national safety, international relations, economy, other area of business or infrastructure of the country or for the vital activities of the population residing in certain areas for a long period of time.
Entities of informatization may be computer aids (automated systems of different levels and purposes, computer networks and centers, autonomous stationary and personal electronic computers and also copying-duplicating means with digital information processing functions) and software (for information processing purposes).
The HIEI security issue is determined by its compound multi-component structure on the one hand, and by high importance of the tasks solved by them on the other hand while the security infraction may cause irreparable damage and disastrous effects.
The main index of the rating of highly important entities of informatization as the ones of the area of science and technology is development or use of HIEI while developing scientific-technical products in priority areas of scientific-technical activities in the Republic of Belarus approved by the Edict of the President of the Republic of Belarus no. 378 of July 22, 2010. These areas are:
- energetics and energy saving;
- agro-industrial technologies of production;
- industrial and construction technologies and productions;
- medicine, medical equipment and technologies, pharmacy;
- chemical technologies, nanotechnologies and biotechnologies;
- information-communication aerospace technologies;
- new materials;
- rational use of natural resources, resource-saving and emergency protection;
- defense capability and national security.
Developments of HIEI or developments comprehending HIEI included in the National Register of Research and Development Works are subject to registration of entities as HIEI in science and technology.
After putting of HIEI or scientific-technical products comprehending HIEI into operation , the registration of HIEI in the area of science and technology is to be finished and the owner of HIEI is to effect registration in accordance with the branches within three days in accordance with the Enactment of the Council of Ministers of the Republic of Belarus no. 293 of March 30, 2012.
If the scientific-technical products comprehending HIEI is destined for researches, the re-registration in accordance with branches is not required in the process of putting into industrial (permanent) operation.
Typical components of highly important entities of informatization (HIEI) are:
- information resources of limited access which are a state, official and other confidential information and other publicly available information and knowledge in hard copy , electronic and optical form; information arrays and data bases; software; various informative physical fields;
- system of formation, distribution and use of information resources which comprehends means and systems of informatization (automated systems and computer networks of different levels and purposes; systems of communication; information technologies; technical means of collection, processing, storage and transfer of information; archives; libraries; data bases and data banks; means of data reprography and display; support technology and systems);
- production and technical and operating personnel of HIEI (managing workers; security administrators; administrators of automated systems; personnel having a direct access to management of the security of HIEI; workers well-informed about the information which is state, official, commercial secret or other type of confidential information);
- information infrastructure comprehending centers of processing and analysis of information, traffic channels and telecommunications, mechanisms of the ensuring of the functioning of telecommunication systems and networks including the systems and means of information protection;
- material means (buildings, constructions, depositories, technical equipment, transport; etc.);
- technical means and security and protection systems for material and information resources.
Availability of the mentioned components predetermines the necessity in the ensuring of information and physical security of HIEI on the basis of a single methodological approach to the identification of highly important segments and the choice of the methods and means of enhancement of the their protection.
Information security refers to the ensuring of the information and the maintaining infrastructure of accidental or deliberate natural or artificial influences which may damage the entities of information relations and the maintaining infrastructure.
Information security is a multifaceted area of activity. Only a systematic comprehensive approach implemented on hardware and software, organizational (procedural) and physical levels.
The implementation of this complex of measures is possible only in case of full-scale management of the process of the ensuring of safety on the part of high-qualified specialists taking into account all the potentially vulnerable places of safety.
2. Main factors influencing the state of information security of HIEI
The complexity of the problem is determined by the following factors:
- scale, heterogeneity and high connectivity of information infrastructure as an object of protection;
- physical and financial limits of the simultaneous ensuring of safety of all the number of heterogeneous objects of information infrastructure;
- impossibility to foresee all the various threats of attack to HIEI, possible forms, types and places of attack (the number of threat includes everything varying from computer viruses to physical influence on equipment and personnel;
- complexity of foresight and determination of the sources of threats and attacks;
- close interconnection with the world information infrastructure.
The information security of HIEI is influenced by a number of external and internal factors. The most important of them are: political, economic, legal and information factors; safety hazard factors and information security factors.
Political factors refer to all the methods of interaction between states in the field of the ensuring of information security and other types of security.
Economic factors refer to the issues related to the financing of activities oriented to the ensuring of the necessary state of information security.
Legal factors refer to the development and the putting into operation of the necessary normative-legal base.
Information factors refer to the issues of the informing of the society about the development and activities of HIEI.
Safety hazard factors refer to various threats to information security such as:
- actions performed by authorized users;
- methods of influence carried out by hackers;
- computer viruses;
- other unexpected developments.
Factors of the ensuring of the information security include methods and means of information protection.
All the mentioned factors influence considerably on the state of information security of HIEI.
3. Measures oriented to enhancement of protectability of highly important entities
In order to enhance protectability of highly important entities it is necessary to carry out these measures:
Group 1. Engineering and technical measures:
1.1. Construction of protective and engineering and technical buildings.
1.2. Renewal and modernization of the systems of emergency protection of the production.
1.3. Organization and construction of byroads.
1.4. Conversion of the production with the purpose of using safer raw materials.
1.5. Preparation of reserve systems of energy supply including the autonomous ones.
1.6. Other engineering and technical measures oriented to enhancement of protectability.
Group 2. Measures oriented to perfection of protection:
2.1. Perfection of physical barriers and obstacles, systems of control and management of access.
2.2. Perfection of systems of detection of entry of violators.
2.3. Perfection of systems of video surveillance and technical means for warning and influence.
Group 3. Financial and material and technical security:
3.1. Creation of financial and material and technical reserves.
3.2. Creation of fuel and energy resources, food, and other material and technical means.
3.3. Purchase of special rescue, fire-fighting and other equipment.
3.4. Purchase of engineering, equipment and property for the ensuring of durable autonomous operation of HIEI.
Group 4. Perfection of the system of informatization and management:
4.1. Preparation of local warning system.
4.2. Purchase of equipment and means of communication.
4.3. Preliminary establishment of reserve (mobile) control points.
4.4. Establishment of local monitoring system.
Group 5. Perfection of a preparation system oriented to enhancement for protectability:
5.1 Personnel training.
5.2. Administrative personnel training.
5.3. Enhancement of readiness of guard force.
5.4. Enhancement of readiness of rescue fire squads.
Group 6. Other measures oriented to enhancement of protectability:
6.1. Modernization and renewal of main production funds.
6.2. Implementation of schedule preventive repair works.
6.3. Provision of the personnel with personal protection equipment.