- MIP NEWS
Publication of TIBER-EU Purple Teaming Best Practices
8 August 2022
The ECB has published its Purple Teaming Best Practices. These practices outline how purple teaming can be set up and managed within the European framework for threat intelligence-based ethical red teaming (TIBER-EU) process.
With more than 75 TIBER tests having been performed across EU sectors and jurisdictions, stakeholders have highlighted the need for guidance on how purple teaming can be incorporated into the TIBER-EU process.
Purple teaming is a collaborative activity which takes place during a TIBER test. It involves the red team simulating a cyberattack and the blue team defending the entity being tested. The purpose of purple teaming is to adopt an exploratory mindset which allows the blue team to gain a better understanding of the strengths and weaknesses of its protection and detection capabilities. The aim is to maximise the value of the learning experience for the entity undergoing the TIBER test, thereby helping it to improve its capabilities.
TIBER cyber teams, threat intelligence providers and red team providers and entities undergoing or planning to undergo TIBER tests can use the best practices document to increase their knowledge of how purple teaming may be used in the testing and closure phases of the TIBER-EU process.
Purple teaming contributes to increasing a tested entity’s understanding of threat actors’ tactics, techniques and procedures. It supports the tested entity in identifying remediation actions and implementing appropriate mitigation measures.
TIBER-EU provides guidance to authorities, entities, threat intelligence providers and red team providers on how to test and improve cyber resilience. TIBER-EU tests involve five different teams as the main participants, each with different roles and responsibilities. These teams include a red team and a blue team, with the red team carrying out a simulated cyberattack and the blue team seeking to prevent, detect and respond without any foreknowledge of the test events taking place. The aim of the TIBER-EU framework is to harmonise and standardise the approach to threat intelligence-based ethical red teaming across the EU.