Russia’s cyber security policy for atomic energy sector

The study analyzes the policy of Russia on atomic energy cyber security. We use two levels (legal and practical) to analyze cyber strategy, institutions and experi-ence (policies) of Russia’s atomic energy security. We reveal laws and policy pa-pers regulating cyber security policy in Russia. We analyze the priorities men-tioned in cyber strategies as well as terms, goals, and bodies in charge (institu-tions) of atomic energy cyber security. In addition, the research considers official statistics data, experts’ surveys, regulatory documents of the Federal Service for Technical and Export Control (FSTEC) and sectoral agencies (in particular, Ros-energoatom). We conclude that the current requirements developed by FSTEC or Rosenergoatom are, on the one hand, mandatory for use, as well as with other parties that are sufficiently technical, taking little account of the managerial and organizational issues of information security provided in the IAEA documents. On the other hand, there are no obstacles to apply the IAEA documents in Rus-sia, which do not contradict Russian law. However, there are objects of critical infrastructure which are not judicable to Rosenergoatom or Rosatom. Today, there are no specific information security requirements for such objects.