当前全球网络安全局势复杂严峻，数据安全事件频发。关键信息基础设施作为数字经济时代社会运行的神经中枢，是网络安全的重中之重，运营者是否能够正确认识并适当履行安全保护义务，事关国家网络安全的维护和我国数字经济的健康发展。然而，理论界对此问题鲜有研究。以《关键信息基础设施安全保护条例》为切入点，梳理分析运营者履行安全保护义务的主要环节与具体内容，评述现有治理体系的进步与不足，提出运营者应树立弹性安全的网络安全治理观念、完善网络安全信息共享制度、优化建立全生命周期的供应链安全管理体系的改革建议。

The current global network security situation is complex and severe, and data security incidents occur frequently. As the nerve center of social operation in the digital economy era, critical information infrastructure is the top priority of network security. How operators correctly understand and properly perform their security protection obligations is related to maintaining national network security and promoting the healthy development of digital economy in China. However, there has been little research on this issue in in theoretical circles. Taking the "Regulations on the Security Protection of Critical Information Infrastructure" as an entry point, this paper sorts out and analyzes the main links and specific contents of operators' fulfillment of security protection obligations, and reviews the progress and shortcomings of the existing governance system.It puts forward the reform suggestions that operators should establish a flexible and safe network security governance concept, improve the network security information sharing system, and optimize the establishment of a full life cycle supply chain security management system.

G311