欧盟关键信息基础设施安全政策的演进与启示  

作　　者：谢波 王志祺 XIE Bo;WANG Zhiqi

机构地区：[1]西南政法大学国家安全学院 [2]西南政法大学总体国家安全观研究院

出　　处：《国家安全论坛》2025年第1期42-59,99,共19页National Security Forum

基　　金：国家社会科学基金重大项目“新时代国家安全法治的体系建设与实施措施研究”(项目编号:20&ZD190)的阶段性成果。

摘　　要：关键信息基础设施是经济社会运行的“神经中枢”。自20世纪90年代以来,欧盟开始关注关键信息基础设施安全,立足战略需要制定了一系列政策维护关键信息基础设施安全。分析这些政策文件的发布主体、时间、名称、性质、内容及相互关系,可以看到欧盟关键信息基础设施安全政策的演进历程。政治方面,地缘冲突加剧造就了欧盟的核心安全焦虑;经济方面,欧盟数字经济发展催生出新的安全需要;社会方面,移民问题和恐怖主义叠加使网络空间安全面临严峻威胁;技术方面,网络安全风险新特征助推安全科技不断革新。这些因素综合影响欧盟维护网络空间安全的战略考量,推动其在关键信息基础设施安全保护上向更强大的态势感知能力和更健全的情报研析体制发展,构建更完善的规范体系,建立统一、协调的行动和反馈机制等。欧盟关键信息基础设施安全政策的演进予人诸多启示,包括应推动关键基础设施规范体系化建设,优化网络安全工作制度,防范网络空间风险外溢,引领创建新型“集体安全”共同体。Critical information infrastructure serves as the“nerve center”of economy and society.Since the 1990s,the European Union(EU)has begun to pay attention to the security of critical information infrastructure and has formulated a series of policies for ensuring the security of critical information infrastructure based on the strategic needs.The evolution of the EU policy on critical information infrastructure security can be discerned by analyzing the issuing bodies,time of issuance,titles,nature,contents and interrelationships of these policy documents.In the political field,the intensification of geopolitical conflicts has resulted in the core security anxiety of the EU;in the economical field,the development of EU's digital economy has given rise to new security needs;in the social field,the combination of immigration issues and terrorism poses severe threat to cybersecurity;in the technological field,the new characteristics of cybersecurity risks promote the continuous innovation of security technologies.The confluence of these factors impacts EU's strategic considerations in safeguarding its critical information infrastructure,drives EU's progress towards stronger situational awareness capabilities and a more sound intelligence analysis system for securing critical information infrastructure,EU's development of a more comprehensive system of norms,and EU's establishment of unified and coordinated action and feedback mechanisms.Lessons can be learned from the evolution of the EU policy on critical information infrastructure security:it is necessary to promote the systematic development of norms for critical infrastructure,continuously optimize the cybersecurity work system,prevent the spillover of cyberspace risks,and lead the building of a new community of“collective security”.

关 键 词：欧盟 关键信息基础设施安全 国家安全政策 网络空间安全 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]