Threat Intelligence Based Ethical Red teaming (TIBER)
The financial sector in the Netherlands has been working together for several years to enhance its resilience to cyber attacks. In 2016, De Nederlandsche Bank (DNB) developed the TIBER-NL framework to simulate cyber attacks in a controlled manner and to test and help improve financial institutions’ response capabilities.
Voluntary testing at TIBER level
TIBER is short for threat intelligence-based ethical red-teaming. Using this framework, financial institutions perform voluntary tests to find out how resilient they are to advanced cyber attacks. Institutions cannot pass or fail these tests: the aim is to gain insight into their strengths and weaknesses and to identify areas for improvement. The institutions share their experiences and improvement plans, for example in the private Resilience Testing Community. This way, the whole sector can benefit from these tests.
European framework
DNB started overseeing tests based on its TIBER-NL framework. Based on the Dutch approach, the European Central Bank (ECB) and several other central banks in the European Union (EU) have drawn up the TIBER-EU framework. Many EU countries have adopted this framework and collaborate in the TIBER-EU Knowledge Centre.
How a test works
After you have mapped your institution’s critical and important functions, TCT-DNB provides you with the Generic Threat Landscape (GTL). In this document, TCT-DNB has identified the generic threats, developments and actors which it observes in the financial sector. A specialised external party then examines which specific threats are most realistic and impactful for your institution. It does so on the basis of the GTL and current and specific threat information held by the specialised party itself. This intelligence provides insight into which hacker groups may be interested in your institution and what tactics, techniques and procedures they are likely to use in a cyber attack.
Based on this intelligence, a specialised party of ethical hackers prepares several realistic attack scenarios. These are simulated in a controlled manner in your institution's production systems, potentially targeting people, processes and IT infrastructure.
TCT-DNB offers the option of extending a TIBER test with a crisis management exercise called 'gold teaming'. Simulated attack scenarios are used to make this additional test component as realistic as possible.
To ensure absolute confidentiality and maximise learning, only a select number of people in your institution are aware that this test is taking place. After all, a real attack is never announced in advance. This allows you to further strengthen your detection and response capabilities and enhance your cyber resilience.
TIBER programme target group
The TIBER framework’s target group consists of institutions in the Dutch financial sector, such as large banks, payment institutions, pension providers and insurers. The TIBER framework can also be used in other critical sectors, such as healthcare, telecom and energy. However, organisations in those sectors can also choose to use the ART framework.
The TIBER-EU framework and related documents
The publications below provide insight into the framework TCT-DNB uses to oversee voluntary TIBER testing. Related documents are also listed that provide additional guidance on the various components of a TIBER test. TCT-DNB offers several formats that can be used when preparing TIBER deliverables.
TIBER framework
Related documents (guidance)
- TIBER-EU Guidance for Service Provider Procurement
- TIBER-EU Control Team Guidance
- TIBER-EU Purple Teaming Guidance
- TIBER-EU Initiation Documents Guidance
- TIBER-EU Scope Specification Document Guidance
- TIBER-EU Targeted Threat Intelligence Report Guidance
- TIBER-EU Red Team Test Plan Guidance
- TIBER-EU Red Team Test Report Guidance
- TIBER-EU Blue Team Test Report Guidance
- TIBER-EU Test Summary Report Guidance
- TIBER-EU Remediation Plan Guidance
- Gold Teaming Guide
TCT-DNB sample deliverables (formats)
TCT-DNB offers the following formats that can optionally be used when conducting a TIBER test:
More information
For more information, please contact tct@dnb.nl.