Outdated browser

You are using an outdated browser. DNB.nl works best with:

The financial sector is working together in the TIBER-NL programme to improve its resilience against cyber attacks. TIBER-NL is coordinated by the Cyber Unit of De Nederlandsche Bank (DNB).

Test attacks to assess resilience

TIBER is short for threat intelligence-based ethical red teaming. Financial institutions use the TIBER programme to test their resilience against sophisticated cyberattacks. They do so by staging test attacks, which are based on realistic threats. These test attacks are performed by cybersecurity companies and supervised by DNB. Institutions cannot pass or fail these tests: the aim is to gain insight into their strengths and weaknesses and to identify areas for improvement. Institutions share their experiences and improvement plans with each other. This way, the whole sector can benefit from these tests.

European framework

DNB was the first central bank to undertake this type of testing in 2016. Based on our approach, the European Central Bank (ECB) and the other central banks in the European Union (EU) have drawn up the TIBER-EU Framework. Twelve EU Member States are now using this framework, working together in the TIBER-EU Knowledge Centre.

How a test works

TIBER-NL tests mimic the tactics, techniques and procedures of real hacker groups. The test is performed on the basis of specific threats to the institution. It involves a controlled attack on the critical functions of the institution and its underlying systems and services. People, processes and IT infrastructure may also be targeted. The fact that a test attack is taking place is only known to a few people at the institution. The aim of the test is always to enable the institution to learn and improve.

TIBER programme target group

The TIBER-NL programme was originally intended for institutions in the core financial infrastructure, such as large banks and payment institutions. We are now also using it for the main pension providers and insurers. The TIBER-NL framework can also be used in other critical sectors, such as healthcare, telecom and energy.

Important documents

 

There are templates and guidelines for all the different phases of a test. You can download them below: