The Requirements for the Protection of Critical Information Infrastructure puts forward three basic principles: comprehensive prevention and control with key business as the core, dynamic protection with risk management as the guidance, and security protection of critical information infrastructure based on information sharing.

The security requirements of 1 1 are put forward from six aspects: analysis and identification, security protection, detection and evaluation, monitoring and early warning, active defense and incident handling, which provides a strong standard guarantee for the protection of key information infrastructure.

The safe and stable operation of key information infrastructure is related to the national economy and people's livelihood, public interests and national security. Its security protection is the top priority of network security work, and many network security laws and regulations in China have corresponding provisions on this.

On the basis of Network Security Law, Customs Protection Regulations and Network Security Level Protection System, combined with the achievements of China's existing network security guarantee system, the protection requirements for key information infrastructure are put forward, which is consistent with the requirements of other laws and regulations.

The Cyber Security Law is the first basic law of cyber security in China, which clearly stipulates the protection of citizens' personal information, the fight against cyber fraud, the protection of key information infrastructure and the online real-name registration system, promotes the perfection and unification of relevant laws and regulations, and provides the underlying support for the subsequent formulation and perfection of relevant laws and regulations.

Relationship between protection of key information infrastructure and hierarchical protection system

Equal protection 2.0 is the baseline of network security, and the security protection of key information infrastructure is to strengthen protection on the basis of equal protection. Operators of key information infrastructure should further strengthen two "implementations" and two "establishment".

Implement the relevant requirements of the national network security level protection system, and carry out network and information system classification, filing, safety construction rectification and level evaluation.

Implement the safety management system, formulate a network security protection plan suitable for this institution, and revise it at least once a year; Establish a safety management organization and define the person in charge of safety management of each key information infrastructure; To establish a safety management framework, it is necessary to clarify the responsibilities and obligations of employees for safety and confidentiality, and sign a safety and confidentiality agreement.