Advanced Red Teaming (ART)

Read aloud

The financial sector in the Netherlands has been working together since 2016 to enhance its resilience to cyber attacks. In 2024, De Nederlandsche Bank (DNB) launched the Advanced Red-Teaming (ART) framework in addition to the TIBER framework. The ART framework enables financial institutions to simulate cyber attacks on a voluntarily basis and enhance their response capabilities. The ART framework enables customisation of a test’s scope and frequency.

Test attacks to assess resilience

ART stands for Advanced Red-Teaming. Using this modular framework, financial institutions perform voluntary tests to find out how resilient they are to advanced cyber attacks. Institutions cannot pass or fail these tests: The aim is to gain insight into their strengths and weaknesses and to identify areas for improvement. The institutions share their experiences and improvement plans, for example in the private Resilience Testing Community. This way, the whole sector can benefit from these tests.

Modularity ensures flexibility

Advanced Red-Teaming builds on the lessons and successes of TIBER. ART is a modular framework that allows the test’s scope and frequency to be tailored to an organisation’s cyber maturity and its specific learning objectives. This makes it suitable for smaller financial institutions that have already made strides in terms of cyber maturity but are not yet ready for a TIBER or TLPT test.

The ART framework can also be used in addition to the mandatory TLPT tests or the voluntary TIBER tests, meaning it is also suitable for institutions wishing to apply more continuous testing. This can be achieved, for example, by reducing the scope of the test while increasing its frequency. For example, you can choose to run one scenario annually. If you do so, after three years your institution will have achieved the same test coverage as by conducting a TLPT or TIBER test.

In addition, the ART framework provides a solid platform for periodic cyber resilience testing as required in European legislation, such as DORA and NIS2.

If you add the crisis management exercise, your institution can also practice that aspect of a cyber attack. This offers you added value compared to a regular crisis management drill, as it immediately ties into the simulation of the realistic cyber attack.

How a test works

After you have mapped your institution’s critical and important functions, TCT-DNB provides you with the Generic Threat Landscape (GTL). In this document, TCT-DNB has identified the generic threats, developments and actors which it observes in the financial sector. A specialised internal or external party then examines which specific threats are most realistic and impactful for your institution. It does so on the basis of the GTL and current and specific threat information held by that party. This intelligence provides insight into which hacker groups may be interested in your institution and what tactics, techniques and procedures they are likely to use in a cyber attack.

Based on this intelligence, a specialised party of ethical hackers prepares several realistic attack scenarios. These are simulated in a controlled manner in your institution's production systems, potentially targeting people, processes and IT infrastructure.

In addition, an ART test can be extended with a crisis management exercise called 'gold teaming'. Simulated attack scenarios are used to make this additional test component as realistic as possible.

In your institution, only a select number of people are aware that this test is taking place, to ensure absolute confidentiality and maximise learning. After all, a real attack is never announced in advance. This allows you to further strengthen your detection and response capabilities and enhance your cyber resilience.

ART programme target group

The ART framework’s target group are institutions in the Dutch financial sector, such as small and large banks, payment institutions, pension providers and insurers. The ART framework’s modular and adaptive nature allows it to be used in other critical sectors, such as healthcare, telecom and energy.

The TIBER-EU framework and related documents

The publications below provide insight into the framework TCT-DNB uses to oversee voluntary ART testing. Related documents are also listed that provide additional guidance on the various components of an ART test. TCT-DNB offers several formats that can be used when preparing ART deliverables.

ART framework

Related documents (guidance)

TCT-DNB sample deliverables (formats)

TCT-DNB offers the following formats that can optionally be used when conducting an ART test:

More information

For more information, please contact tct@dnb.nl.

DNB uses cookies

We use cookies to optimise the user-friendliness of our website. 
Read more about the cookies we use and the data they collect in our cookie notice.

To ensure the proper operation of the website, De Nederlandsche Bank (DNB) uses functional cookies and analytics cookies, and has taken measures to ensure that these cookies have little or no impact on the privacy of website users.

Some pages include embedded content from external websites. These websites may use proprietary (tracking) cookies. This allows third parties to track visitor statistics, show personalised content and display targeted ads, for example. You can make your choice about allowing these optional cookies both when you first visit the website and when you navigate to a page with embedded content.