TIBER-EU is the European framework for threat intelligence-based ethical red-teaming. It is the first EU-wide guide on how authorities, entities and threat intelligence and red-team providers should work together to test and improve the cyber resilience of entities by carrying out a controlled cyberattack.
TIBER-EU tests mimic the tactics, techniques and procedures of real-life attackers, based on bespoke threat intelligence. They are tailor-made to simulate an attack on the critical functions of an entity and its underlying systems, i.e. its people, processes and technologies. The outcome is not a pass or fail; instead the test is intended to reveal the strengths and weaknesses of the tested entity, enabling it to reach a higher level of cyber maturity.
The main participants in a TIBER-EU test are assigned to one of five different teams depending on their role and responsibilities:
The TIBER-EU Services Procurement Guidelines provide more details on how to select and procure the services of threat intelligence and red-team providers. The TIBER-EU White Team Guidance explains how to set up the team which manages the TIBER test from inside the target entity.
The TIBER-EU framework is designed for (supra)national authorities and entities that form the core financial infrastructure, including those whose cross-border activities fall within the regulatory remit of several authorities. It is applicable to entities not only in the financial sector but also in any other critical sector. In addition to a number of mandatory requirements, the framework also includes options that can be adapted to the specificities of different jurisdictions. This facilitates mutual recognition and lowers the burden on both authorities and entities.
TIBER-EU was jointly developed by the ECB and the EU national central banks, approved by the Governing Council of the ECB and published in May 2018. It was inspired by and takes into account the lessons learned from similar initiatives in the United Kingdom (CBEST) and the Netherlands (TIBER-NL).
The TIBER-EU framework is currently implemented, or in the process of being implemented, in Belgium, Denmark, Ireland and the Netherlands, as well as by the ECB in its oversight capacity. Other jurisdictions are expected to follow soon.
To ensure that the providers of threat intelligence and red-team services meet the appropriate standards for conducting a TIBER-EU test, the entity being tested should carry out due diligence to make sure its selected provider meets all the requirements set out in the TIBER-EU Services Procurement Guidelines.
In the future, entities should procure only those providers who have achieved formal TIBER-EU certification and accreditation. There is currently no suitable certification and accreditation agency in Europe for this purpose. Once EU certification and accreditation capabilities are in place, all companies should rely on them when hiring providers for the TIBER-EU test.
Organisations interested in providing certification and accreditation for TIBER-EU can contact the TIBER-EU Knowledge Centre at TIBER-EU@ecb.europa.eu.