The European Central Bank (ECB) on Wednesday published a framework testing the European financial sector’s resilience to cyber attacks.
The European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) aims to “mimic the tactics, techniques and procedures of real hackers who can be a genuine threat,” the ECB says in a news release.
TIBER-EU sets out testing procedures that simulate a cyber attack on a financial firm’s critical functions and underlying systems, including its people, processes and technologies.
“This helps the entity to assess its protection, detection and response capabilities against potential cyber attacks,” the ECB says.
“Tests will be tailor-made and will not result in a pass or fail — rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity,” it adds.
TIBER-EU has been designed for entities that make up the core go the financial system’s infrastructure, such as payment systems, clearing firms, and exchanges, along with banks, securities firms and asset managers. It is also intended to cover firms that operate on a cross-border basis under the oversight of a number of authorities.