The Russian government has drafted a bill introducing prison sentences as punishment for those who create software used in targeting critical national infrastructure, even if they have no part in actual attacks.

The bill, published on the government’s website on Wednesday proposes to amend the Criminal Code with a new article titled ‘Illegal influence upon the critical informational infrastructure of the Russian Federation’. An explanatory note attached with the bill elaborates that it would introduce criminal responsibility for creating any software that is deliberately made for attacks on the national data grid and its critical parts.

When such hacking causes little or no harm culprits can be fined between 500,000 and 1 million rubles (about $7,700 to $15,400) or in the amount of their income for between one and three years’ time, ordered to conduct compulsory work for up to five years, or put behind bars for the same term.

Read more

If the hacking leads to grave consequences or creates a threat of such outcome the bill orders that those involved in it should be sentenced to between five and 10 years in prison.

The bill was drafted a short time after President Vladimir Putin signed an updated doctrine on Russian information security. The document states that the unimpeded flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists and foreign special services.

To counter these threats and challenges Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT,” as well as neutralize psychological operations targeting “historical foundations and patriotic values” the document reads. It also provides for the strengthening of critical national information infrastructure so that it can withstand cyberattacks.