Framework for Cyber-Attack Testing Published by ECB


On May 2, 2018, the European Central Bank (“ECB“) published the “TIBER-EU” framework, a document which outlines the process for European and national authorities to work with financial institutions to put in place a program to test and improve resilience against cyber-attacks.

The TIBER-EU introduces intelligence-led red team tests to mimic the tactics, techniques and procedures of threat-actors, which will allow a financial institution to assess its protection, detection and response capabilities.

The framework, available here, details the key phases, activities, deliverables and interactions involved in a test.

The tests are not mandatory and it is for relevant authorities and institutions to decide if the tests are required, however the ECB has encouraged relevant authorities within jurisdictions to engage with each other in deciding how to adopt the framework, whilst financial institutions are encouraged to work closely with relevant authorities in order to enhance cyber-resilience.