論金融資安於彈性數位營運法之展望

The Effect of the Digital Operational Resilience Act (DORA) on the Financial Sector’s Information and Communication Technology (ICT) Risk Management

歐盟的金融體系在單一市場的營運下，過去以單一法典體系Single Rule Book 的架構就足以規範其金融營運，由於世界各國近來對於資訊通訊安全的重視，與5G 科技建構下造成資安的危機感，歐盟執委會在109年9 月24 日提出的數位金融包裹案，將彈性數位營運的概念包含在此包裹案中，提出了彈性數位營運法案Proposal for Digital Operational Resilience Act (DORA)。該法案針對的主要對象為金融機構營運時所運用的資訊通訊科技(Information Communication Technology)，其目的為要求金融單位在營運時，對於所面對的資訊通訊科技的風險管理能隨著科技的進步有精進的作為。因金融行為是所有產業在營運上的基本要件，藉由對於金融的數位範疇進行風險控管下，並利用市場的機制達到潔淨網路的目標。

"The “Race” on 5G requires new approaches to cyber security. Many countries and industries show a serious dedication to establish better protection and limit the impact of cyber-attacks. Information and Communication Technology (ICT) supports complex systems used for daily communications and activities, including those of financial institutions. The proposal for a Digital Operational Resilience Act (DORA) represents the European Commission latest approach on protecting cyber risk in financial service sector. Due to high financial service demand, DORA may improve cyber security for most industries by strengthening their digital operational resilience. Under the supply and demand theory, Digital Operation Resilience act could be a more practical method to reach the goal of a “Clean Network.”"