The Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) enables European and national authorities to work with financial infrastructures and institutions (hereafter referred to collectively as “entities”) to put in place a programme to test and improve their resilience against sophisticated cyber attacks.
TIBER-EU is a common framework that delivers a controlled, bespoke, intelligence-led red team test of entities’ critical live production systems. Intelligence-led red team tests mimic the tactics, techniques and procedures of real-life threat actors who, on the basis of threat intelligence, are perceived as posing a genuine threat to entities. An intelligence-led red team test involves the use of a variety of techniques to simulate an attack on an entity’s critical functions and underlying systems (i.e. its people, processes and technologies). It helps an entity to assess its protection, detection and response capabilities.
TIBER-EU therefore has the following core objectives:
- to enhance the cyber resilience of entities, and of the financial sector more generally;
- to standardise and harmonise the way entities perform intelligence-led red team tests across the EU, while also allowing each jurisdiction a degree of flexibility to adapt the framework according to its specifications;
- to provide guidance to authorities on how they might establish, implement and manage this form of testing at a national or European level;
- to support cross-border, cross-jurisdictional intelligence-led red team testing for multinational entities;
- to enable supervisory and/or oversight equivalence discussions where authorities seek to rely on each other’s assessments carried out using TIBER-EU, thereby reducing the regulatory burden on entities and fostering mutual recognition of tests across the EU;
- to create the protocol for cross-authority/cross-border collaboration, result sharing and analysis.
The TIBER-EU framework has been designed for use at entities which are part of the core financial infrastructure, whether at national or at European level. However, it can also be used for any type or size of entity across the financial and other sectors.
It is up to the relevant authorities – in consultation with the entities under their responsibility – to determine whether and when TIBER-EU tests are to be performed.
Further information is available here: https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_framework.en.pdf