On 2 May 2018 the European Central Bank (ECB) published the European framework for Threat Intelligence-based Ethical Red Teaming (“TIBER-EU Framework”), the first Europe-wide framework for controlled and bespoke tests to improve the resilience of financial entities against sophisticated cyber attacks. It facilitates a harmonised European approach towards intelligence-led tests which mimic the tactics, techniques and procedures of real hackers who can be a genuine threat. TIBER-EU based tests simulate a cyber attack on an entity’s critical functions and underlying systems, such as its people, processes and technologies.

It is up to the relevant authorities and the entities themselves to determine if and when TIBER-EU based tests are performed. Tests will be tailor-made and will not result in a pass or fail – rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity.

The framework can be used for any type of financial sector entity (including payment systems, central securities depositories, central counterparty clearing houses, trade repositories, credit rating agencies, stock exchanges, securities settlement platforms, banks, payment institutions, insurance companies, asset management companies and any other service providers deemed critical for the functioning of the financial sector), as well as entities in other sectors.

[SOURCE: ECB]