網絡攻擊的金融監管困境與消解路徑——以防範系統性金融風險為視角

Regulatory Dilemma and Dissipation Path of Financial Cyber Attack—The Perspective of Preventing Systemic Financial Risks

數字金融的發展促使金融業務與信息技術深度融合，滋生了更具傳染性的金融網絡威脅。技術應用致使網絡受攻擊面不斷擴大，靜態監管手段存在技術壁壘，而動態監管措施單一且不力，導致系統性金融風險敞口擴大。網絡韌性理論及網絡韌性測試應運而生，強調網絡攻擊的監測預警和多元主體的協調聯動，契合了系統性金融風險防控和網絡攻擊應對的現實需求。基於此，可以通過出臺試點規範引入金融網絡韌性測試，以指定和自願相結合的模式確定測試範圍，注重各參與主體在測試中的協調聯動，以消解網絡攻擊可能引發的系統性金融風險。

The development of digital finance has led to the deep integration of financial business and information technology, which has given rise to more contagious financial cyber threats. The application of technology has led to the expansion of the attack surface of the network. The existence of technical barriers to static supervision means. The dynamic supervision measures are single and ineffective. All of the above increases the exposure of financial risks. The theory of cyber resilience and cyber resilience test were born. It emphasizes the use of network monitoring and early warning, as well as the coordination and linkage of multiple entities, to respond to network attacks, which meets the practical needs of systemic financial risk prevention and control. Therefore, in order to dissipate systemic financial risks that may be triggered, we could introduce a pilot specification to start financial network resilience testing, determine the scope of the test in a combination of compulsory and voluntary mode, and emphasize the coordination of the participating entities in the test.