ECB publishes European framework for testing financial sector resilience to cyber attacks
The European Central Bank (ECB) yesterday published the European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU), which is the first Europe-wide framework for controlled and bespoke tests against cyber attacks in the financial market.
- TIBER-EU is the first European framework for controlled cyber hacking to test resilience of financial market entities
- Framework facilitates testing for cross-border entities under oversight of several authorities
- Goals are to help entities gain insight about their protection, detection and response capabilities and to help them fighting cyber attacks
The TIBER-EU framework facilitates a harmonised European approach towards intelligence-led tests which mimic the tactics, techniques and procedures of real hackers who can be a genuine threat. TIBER-EU based tests simulate a cyber attack on an entity’s critical functions and underlying systems, such as its people, processes and technologies. This helps the entity to assess its protection, detection and response capabilities against potential cyber attacks.
The TIBER-EU framework has been designed for national and European authorities and entities that form the core financial infrastructure, including entities with cross-border activities which fall within the regulatory remit of several authorities. The framework can be used for any type of financial sector entity, as well as entities in other sectors.
It is up to the relevant authorities and the entities themselves to determine if and when TIBER-EU based tests are performed. Tests will be tailor-made and will not result in a pass or fail – rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity.
For media queries, please contact Lena-Sophie Demuth, tel.: +49 69 1344 5423.
- For the purposes of the TIBER-EU framework, entities include payment systems, central securities depositories, central counterparty clearing houses, trade repositories, credit rating agencies, stock exchanges, securities settlement platforms, banks, payment institutions, insurance companies, asset management companies and any other service providers deemed critical for the functioning of the financial sector.
- The ECB promotes the safety and efficiency of payment, clearing and settlement systems in the euro area under its oversight mandate, guided by oversight regulations, standards, guidelines and expectations. At Eurosystem level, the ECB is the competent authority for the systemically important payment systems in the euro area: TARGET2, EURO1 and STEP2-T, and is the lead overseer for TARGET2-Securities; oversight of other payment systems lies with the national central banks.
Directorate General Communications
Sonnemannstrasse 20, 60314 Frankfurt am Main, Germany
Tel.: +49 69 1344 7455, E-mail: email@example.com
Reproduction is permitted provided that the source is acknowledged.
Latest News from
Statement by Executive Vice-President Margrethe Vestager on the Commission's decision to appeal the General Court's judgment on the Apple tax State aid case in Ireland25/09/2020 15:25:00
Statement given by Executive Vice-President Margrethe Vestager on the Commission's decision to appeal the General Court's judgment on the Apple tax State aid case in Ireland.
Why is Parliament calling for new EU revenue-raising powers?25/09/2020 14:33:00
Parliament is calling for new EU revenue sources to invest in Europe’s future and support the Covid-19 recovery without burdening taxpayers.
Hong Kong: Statement by the Spokesperson on the arrest of Joshua Wong and other pro-democracy activists25/09/2020 13:25:00
The arrest of Hong Kong pro-democracy activist Joshua Wong on 24 September is the latest in a troubling series of arrests of pro-democracy activists since the summer.
ESMA Consults On MIFIR Reference Data And Transaction Reporting25/09/2020 12:38:00
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, yesterday launched a Consultation Paper (CP) reviewing the reference data and transaction reporting obligations under the Market in Financial Instruments Regulation (MiFIR).
MEPs question whether the new Migration Pact will bring about real change25/09/2020 11:33:00
The new Migration Pact is insufficient for the majority of EP groups. Some demand compulsory relocation of refugees; others want a firmer stance on irregular arrivals.
Questions and Answers: Coronavirus and the EU Vaccines Strategy25/09/2020 09:25:00
On 17 June, the European Commission presented a European strategy to accelerate the development, manufacturing and deployment of vaccines against COVID-19.
European Centre for Disease Prevention and Control's new risk assessment shows need to step up coronavirus response in the EU24/09/2020 17:02:00
Today, the European Centre for Disease Prevention and Control (ECDC) published its updated risk assessment regarding the COVID-19 pandemic, alongside a set of guidelines for non-pharmaceutical interventions (such as hand hygiene, physical distancing, cleaning and ventilation).
Artificial intelligence: threats and opportunities24/09/2020 16:33:00
Artificial intelligence (AI) affects our lives more and more. Learn about the opportunities and threats for security, democracy, businesses and jobs.
Tourism Committee MEPs: EU must act, 22 million jobs are at stake24/09/2020 15:25:00
Members of Parliament’s Tourism Task Force reiterate that the tourism sector needs EU-level coordination and substantial support to give SMEs a chance of survival.