From a Dutch to a European standard
At DNB, we have been working with the TIBER-NL programme since June 2016. TIBER stands for threat intelligence-based ethical red teaming. It comprises hack tests at financial institutions, with realistic scenarios based on current threat intelligence. The aim is to make institutions in the financial core infrastructure (FCI) more resilient as they learn from best practices. We took our cue from the Bank of England's CBEST project in developing TIBER.
In turn, both CBEST and TIBER-NL have prompted other authorities to set up their own red teaming frameworks. At a European level, central banks and other authorities have joined forces to create TIBER-EU. This should prevent financial institutions from being burdened with a multitude of tests, and it fosters collaboration among authorities.
Objectives of TIBER-EU
The ECB will be using TIBER-EU to test the financial market infrastructures under its supervision. The first European countries, such as Belgium and Denmark, have meanwhile begun to introduce their own frameworks. This means TIBER-NL is a frontrunner.
The objectives of TIBER-EU include:
- Standardising and harmonising procedures for performing threat intelligence-based red teaming tests across the EU.
- Supporting cross-border tests at multinational institutions.
- Providing authorities with guidance on setting up a TIBER programme.
- Facilitating the mutual recognition of tests within the EU.