Threat Intelligence-based Ethical Red Teaming (TIBER)

Hacker

Strengthening the cyber security and resilience of the financial system is a strategic priority for the Central Bank of Ireland.

TIBER-EU

In March 2018, the ECB published the Threat Intelligence-based Ethical Red Teaming (TIBER-EU) Framework. The objective of the framework is to put in place a programme to test and improve resilience of financial infrastructure and institutions, at national and European level, against sophisticated cyber-attacks.

TIBER-EU is designed to deliver a controlled, bespoke, intelligence-led Red Team test (ethical hacking) of financial infrastructures and institutions’ critical live production systems. Intelligence-led Red Team tests mimic the tactics, techniques and procedures (TTPs) of real-life threat actors who, on the basis of threat intelligence, are perceived as posing a genuine threat.

The outcome of a TIBER test is not a pass or fail; instead the test is intended to reveal the strengths and weaknesses of the tested entity, enabling it to reach a higher level of cyber maturity.

TIBER-IE

The Central Bank of Ireland is the designated authority for TIBER in Ireland and has formally adopted the framework as TIBER-IE. The TIBER-IE National Guide (PDF 789 KB) sets out the Central Bank of Ireland’s implementation of TIBER and explains the requirements of TIBER-IE and the roles of the key stakeholders in a test.

TIBER-IE National Guide December 2019 | pdf 818 KB

Participation in TIBER-IE is voluntary, therefore the framework does not constitute a regulatory requirement. The TIBER test is managed by the financial institution, conducted by qualified third parties and overseen by the TIBER Cyber Team at the Central Bank of Ireland.

Cross-Jurisdictional Testing

A unique aspect of TIBER-EU is that it can facilitate consistent and comprehensive testing for entities which are active in more than one jurisdiction. This promotes collaborative cross-authority testing, mutual recognition, and assurance to other jurisdictions that the requirements of the TIBER-EU framework have been met.

Find out more about TIBER-EU and TIBER-IE

For further information, please contact [email protected].