Evolution and paradoxes of the regulatory framework for ensuring the security of critical information infrastructure facilities

Active work is under way in Russia today on implementing a relatively new mechanism of state regulation in the field of information security, legally defined as ensuring the security of significant objects of critical information infrastructure (CII). The subjects of this legislati...


Bibliographic Details
Main Authors: Roman V. Natalichev, Viktor S. Gorbatov, Grigory P. Gavdan, Anatoly P. Durakovskiy
Format: Article
Language: English
Published: Joint Stock Company "Experimental Scientific and Production Association SPELS", 2021-09-01
Series: Безопасность информационных технологий
Online Access: https://bit.mephi.ru/index.php/bit/article/view/1359
description Active work is under way in Russia today on implementing a relatively new mechanism of state regulation in the field of information security, legally defined as ensuring the security of significant objects of critical information infrastructure (CII). The subjects of this legislation have carried out a fairly large number of organizational measures, supported by the scientific research of domestic and foreign specialists. The paper studies the issues of ensuring the safety of significant CII objects on the basis of a critical system analysis of the regulatory framework, pointing out the ambiguity of interpretation and the possible options for practical implementation of the requirements related to a specific field. The high tension of discussions in this area at various forums demonstrates that forming a new system at the level of individual subjects causes many difficulties and sometimes even leads to rejection of some aspects of the regulatory requirements. As a rule, this always happens at the initial stages of the formation of any new system, owing to ambiguous wording and significant internal contradictions in certain regulatory acts. One of the significant problems, in our opinion, is a certain misunderstanding, especially in the real sector of the economy, of why a new security mechanism needs to be introduced and of its role within the overall set of information security measures that have been implemented in Russia for more than a quarter of a century. A system analysis of this problematic situation is especially relevant for the educational community, which has already started implementing new programs of various levels for the training, retraining and advanced training of specialists in the field of information security.
Based on a description of the evolution of domestic legislation in the field of information security, the need for a new mechanism of state regulation is justified. Examples of ambiguity and internal contradictions (paradoxes) in some provisions of the regulatory legal acts on the safety of CII facilities are given, showing the urgent need to improve them as well as for additional efforts to interpret the main provisions, based on the principle of a creative approach to explaining complex issues.
id doaj.art-d0fdab2c5bc24b9d8b1582fd1ae3d9e6
institution Directory Open Access Journal
issn 2074-7128
2074-7136
spelling 28362710.26583/bit.2021.3.011231
Author affiliation (all four authors): National Research Nuclear University MEPhI (Moscow Engineering Physics Institute)
topic information security, critical information infrastructure, significant object, significant consequences, significance indicator, regulatory legal acts, system analysis, threats to security, training of specialists.