Threat Intelligence-based Ethical Red Teaming (TIBER)
Strengthening the cyber security and resilience of the financial system is a strategic priority for the Central Bank of Ireland.
TIBER-EU
In March 2018, the ECB published the Threat Intelligence-based Ethical Red Teaming (TIBER-EU) Framework. The objective of the framework is to put in place a programme to test and improve resilience of financial infrastructure and institutions, at national and European level, against sophisticated cyber-attacks.
TIBER-EU is designed to deliver a controlled, bespoke, intelligence-led Red Team test (ethical hacking) of financial infrastructures and institutions’ critical live production systems. Intelligence-led Red Team tests mimic the tactics, techniques and procedures (TTPs) of real-life threat actors who, on the basis of threat intelligence, are perceived as posing a genuine threat.
The outcome of a TIBER test is not a pass or fail; instead the test is intended to reveal the strengths and weaknesses of the tested entity, enabling it to reach a higher level of cyber maturity.
TIBER-IE
The Central Bank of Ireland is the designated authority for TIBER in Ireland and has formally adopted the framework as TIBER-IE. The TIBER-IE National Guide (PDF 789 KB) sets out the Central Bank of Ireland’s implementation of TIBER and explains the requirements of TIBER-IE and the roles of the key stakeholders in a test.
TIBER-IE National Guide December 2019 | pdf 818 KB
Participation in TIBER-IE is voluntary, therefore the framework does not constitute a regulatory requirement. The TIBER test is managed by the financial institution, conducted by qualified third parties and overseen by the TIBER Cyber Team at the Central Bank of Ireland.
Cross-Jurisdictional Testing
A unique aspect of TIBER-EU is that it can facilitate consistent and comprehensive testing for entities which are active in more than one jurisdiction. This promotes collaborative cross-authority testing, mutual recognition, and assurance to other jurisdictions that the requirements of the TIBER-EU framework have been met.
Find out more about TIBER-EU and TIBER-IE
For further information, please contact [email protected].