The European Central Bank (ECB) published TIBER-EU, which is the first EU-wide framework for controlled and bespoke tests against cyber-attacks in the financial sector. It will facilitate testing for cross-border entities under oversight of several authorities.
TIBER-EU is designed to enable EU and national authorities to work with financial institutions and infrastructures to implement a programme to test and improve their resilience against sophisticated cyber-attacks. An intelligence-led red team test involves the use of a variety of techniques to simulate an attack on an entity's critical functions and underlying systems (that is, its people, processes and technologies) to help the entity to assess its protection, detection and response capabilities.
The framework document provides an overview of TIBER-EU and how it will be implemented across the EU, with details of the key phases, activities, deliverables and interactions involved in a TIBER-EU test.
In its press release, the ECB encourages relevant authorities to engage with each other to determine how best to adopt and implement TIBER-EU. Financial infrastructures and institutions are encouraged to work closely with their regulators to establish a framework that will enhance the cyber resilience of their sector. Implementation will be monitored by the TIBER-EU knowledge centre (TKC).