The history of the formation of the theory of information security
Methods and means of information protection in each historical epoch are closely related to the level of development of science and technology. The categories of protected information were determined by the economic, political and military interests of the State.
Information security elements have been used since ancient times: it is known that cryptography was used in Ancient Egypt and Ancient Rome. According to Herodotus, already in the 5th century BC, information encoding was used. A classic example of one of the first uses of cryptography is the so-called "Caesar cipher".
Let's trace the connection between the development of the political and economic structure of Russia and information protection activities (Tables 1, 2).
Conclusions from Table 1:
The conditionality of the information security system by historical development;
Distribution of competencies, regulation of rights and responsibilities between departments and departments;
The lack of special information protection authorities;
Lack of scientific study of the issue;
The experience of information protection in the Russian Empire was used in the organization of information protection in the USSR.
Conclusions from table 2:
The problem of information security was greatly influenced by internal and external political reasons.
The environment hostile to the USSR put the issues of ensuring the secrecy of information in the first place.
Table 1
Information protection in Russia
Period Factors of influence Protection activities Protection agencies
XVII century .
Formation of the Russian centralized state, formation of public administration bodies, development of international relations
The use of disinformation; the introduction of restrictions on entry; encryption of correspondence; the introduction of liability for disclosure of information.
Responsibility for espionage and treason.
Responsibility for theft and forgery of documents and seals. Issues of information protection in the Lawsuits of 1497 and 1550.
Weapons, Government, Embassy orders. The order of secret affairs
XVIII century .
The development of commercial and industrial activities, the emergence of joint-stock companies, credit relations, stock exchange activities
Expanding the composition of protected information
The Transfiguration Order, the Supreme Privy Council. The Military College. The Board of Foreign Affairs. Secret Investigation Office. The Secret Expedition
XIX century .
New forms of joint-stock companies, the industrial revolution
Restriction on the publication of information received through official channels.
Protection of trade secrets (secrets of trade and merchant books).
Legislation in the field of patent and copyright law.
Censorship regulations
The State Council. The 1st and 3rd departments of His Imperial Majesty's Own Chancellery. The General Directorate for Press Affairs. Special Branch of the Police Department.
Technical Committee
The beginning of the twentieth century. The First World War
The law "On High Treason by espionage". Creating "closed" zones. Expanding the composition of protected information.
A military-industrial secret.
Information protection during radiotelegraphic negotiations
Ministry of the Interior, Police Department, Ministry of War, Committee for the Protection of Industrial Property
Table 2
Information protection in the USSR (1917-1995)
Period Factors of influence Protection activities Protection agencies
1917 - 1945
Changing the political and economic system
Cancellation of trade secrets.
An increase in the amount of information that makes up the state secret.
Activation of foreign intelligence agencies to obtain information about the political, economic and military situation of the USSR.
Centralization of the management of the protection of state secrets.
Increased responsibility for the disclosure of state secrets, loss of secret documents and negligent handling of them
by Special information protection authorities (spec. department of the Cheka-GPU, hereinafter - the 7th department of the NKVD)
1945 - 1975 Cold War
The introduction of the position of deputy head of the facility for the regime.
Expanding the scope and subject of protected information and categorizing it according to the degree of secrecy.
Tightening the secrecy regime. "The list of information constituting the state secret" (1948). "Instructions for ensuring the preservation of state secrets in institutions and enterprises of the USSR" (1948)
Ministry of State Security (1946).
State Security Committee under the Council of Ministers of the USSR (1954)
1975 - 1995
The emergence of information wars and confrontation
The emergence of new media, automated systems and distributed data processing systems.
Large-scale use of technical intelligence tools.
Development of theoretical security models
The State Technical Commission on Countering Foreign Technical Intelligence (1973)
At the present stage of society's development, information acts as a form of ownership, and therefore has a certain value. To emphasize the role of information in society, they talk about the "information society", in contrast to the previous phase of society's development - the "industrial society".
Since the 90s of the twentieth century, Russian scientists have been actively engaged in research in the field of information security.
V.A. Gerasimenko has developed a system-conceptual approach to ensuring information security of automated data processing systems. A.A. Grusho and E.E. Timonina presented an evidence-based approach to the problem of guaranteeing information protection in a computer system.
A.A. Grusho new types of hidden information leakage channels were introduced into the field of research, based on the use of statistical characteristics of the system.
S.P. Rastorguev and A. Y. Shcherbakov developed a theory of destructive program effects. A.Y. Shcherbakov also developed a subject-object model of the system, on the basis of which the concepts of information flows and accesses in a computer system were formed.
Representatives of the St. Petersburg Scientific School, headed by P.D. Zegzhda, made a great contribution to the study of the theoretical foundations of information security. They have developed a taxometry of gaps and flaws in computer system protection systems, presented a number of technical solutions for the creation of secure computer systems, in particular, an organizational and hierarchical access control system.
Representatives of the School of the Institute of Cryptography, Communications and Informatics (ICSI) The Academy of the FSB of Russia headed by B.A. Pogorelov (P.N. Devyanin, D.I. Pravikov, A.Y. Shcherbakov, S.N. Smirnov, G.V. Fomenkov, etc.) conducted research in the field of cryptographic information protection, and also prepared a whole series of educational publications, which allowed to form a methodological base for training specialists in the field information security.
When considering information security issues, two approaches can currently be distinguished:
Informal, or descriptive. At the same time, the complex of issues of building protected systems is divided into main areas corresponding to threats, a set of measures and protection mechanisms for each area is being developed.
Formal. It is based on the concept of a security policy and the definition of ways to ensure compliance with its provisions.
As a natural science discipline, the theory of information security is developing in the direction of formalization and mathematization of the main provisions, the development of integrated approaches to solving information security problems.
The theory of information security is constantly evolving because in connection with the development of information processing and transmission technologies, new tasks are constantly emerging to ensure information security.
It should be noted that at present it is one of the most developing natural sciences. New promising areas of research are constantly emerging, and existing ones are receiving even deeper scientific study.
Among the promising areas are the following:
Formalization of the provisions of the theory of information security;
Development of security models that more accurately reflect the current level of development of computer technology and information technology and are more convenient for practical use and analysis of the security of real speakers;
Development of means and methods of countering threats of information warfare;
Security issues in global information networks, such as the Internet;
Security of e-commerce systems;
Security issues of information processing by mobile users.
The so-called information security centers play a special role in the development of the theory of information security as a science and industry. These include government, public and commercial organizations, as well as informal associations whose main activities are coordinating efforts aimed at updating information security issues, conducting theoretical research and developing specific practical solutions in the field of security, analytical activities and forecasting.
In the Russian Federation, well-known information security centers include such institutions as the Federal Service for Technical and Export Control (FSTEC), the Institute of Cryptography, Communications and Informatics of the Academy of the Federal Security Service (ICSI) and the Academy of Cryptography of the Russian Federation (AK RF).
Foreign information security centers are widely represented on the Internet. According to their priority areas of activity, among such centers there are:
Information and analytical. They are mainly engaged in collecting and distributing information about known vulnerabilities of systems, attacks and intrusions, software and hardware for prevention and protection. Analytical reviews are regularly published and distributed, and Internet conferences dedicated to information protection are held.
Rapid response. For these centers, a key aspect of their activities is to provide practical assistance to those whose interests have been harmed as a result of an information security breach.
Consulting services. They are mainly engaged in providing consulting services to organizations experiencing difficulties with the selection or implementation of software, hardware or integrated protection measures, the development of a security policy or the use of a regulatory framework governing the application of protection measures.
Scientific research. As a rule, they operate on the basis of faculties of large educational institutions or departments of state organizations and focus on studying and improving the theoretical foundations of information security, researching and developing models of secure systems, synthesizing and analyzing protective mechanisms, and improving the legislative framework.
Certification authorities. They implement programs for testing, comparing and certifying protective equipment, as well as develop approaches to certification and testing methods. There are state and independent certification centers.
The role of such centers is generally expressed in the fact that they determine the directions of further development.
