knowledge 7 June 2018 |

New European Framework for Controlled Cyber Hacking

Overview of TIBER-EU

TIBER, which stands for Threat Intelligence-based Ethical Red Teaming, enables a controlled, bespoke and intelligence led red team test of entities’ critical live production systems.

TIBER-EU is designed for both national and European authorities as well as entities that form the core financial infrastructure, including those with cross-border activities. It can also be used for entities in other sectors.  It is intended to:

• improve the protection, detection and response capabilities of entities;
• enhance the resilience of the financial sector; and
• provide assurance to the authorities about the cyber resilience capabilities of the entities under their responsibility.

TIBER-EU tests mimic the tactics, techniques and procedures used by real-life threat actors who are considered to pose a genuine threat to entities in the financial sector.  Each test is tailor-made and must be conducted without the prior knowledge of the tested entity, with the exception of a small number of staff members, in order to gain a true picture of its capabilities regarding protection, detection and response. The ultimate objective of the test is to provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity.

It is up to the relevant authorities and the entities themselves to determine if and when TIBER-EU based tests are performed.

Next Steps

Authorities in jurisdictions that are considering adopting the TIBER-EU framework are encouraged to engage with each other to determine how best to adopt and implement it.  The ECB is also encouraging entities to liaise with their relevant authorities and work closely with them so as to establish a framework which will enhance the cyber resilience of their sector.  The TIBER-EU Knowledge Centre will monitor the framework’s implementation allowing for improvements to be made when necessary.