The current global network security situation is complex and severe, and data security incidents occur frequently. As the nerve center of social operation in the digital economy era, critical information infrastructure is the top priority of network security. How operators correctly understand and properly perform their security protection obligations is related to maintaining national network security and promoting the healthy development of digital economy in China. However, there has been little research on this issue in in theoretical circles. Taking the "Regulations on the Security Protection of Critical Information Infrastructure" as an entry point, this paper sorts out and analyzes the main links and specific contents of operators' fulfillment of security protection obligations, and reviews the progress and shortcomings of the existing governance system.It puts forward the reform suggestions that operators should establish a flexible and safe network security governance concept, improve the network security information sharing system, and optimize the establishment of a full life cycle supply chain security management system.