The standard called TIBER-EU from the European Central Bank (ECB) has created a blueprint for Red Team Assessments, full-scale cyber attack simulations by professional hackers (like APTs and cybercrime groups), on banks, federal banks, insurance companies, and other financial sector actors in the European Union. This blueprint serves as a template for various national standards, such as TIBER-DE in Germany, published by the Federal Ministry of Finance and the Deutsche Bundesbank.
In general, Red Team Exercises are intended to review the security of organizations (such as banks) holistically, from a technical as well as a human and organizational perspective, strategically and not only with regard to individual technical measures. Up to now, however, there were no standards in Europe regarding the approach to Red Team Assessments in the financial sector. Inspired by efforts such as CBEST in the UK, this has now changed with TIBER.
Recommendation of the ‘European Central Bank (ECB)’ on the conduct of Red Team Assessments
TIBER-EU from the European Central Bank created a framework in 2018 to further strengthen the cyber resilience of the financial industry. ‘Threat Intelligence-Based Ethical Red’ teaming simulates real cyber attacks on critical functions (i.e., critical business processes) of financial institutions in order to determine their resilience and to derive measures that can further improve them.
As an experienced IT security service provider with primary focus on Red Team Assessments, NSIDE is the right partner for performing assessments according to the TIBER-DE framework. Please do not hesitate to contact us for advice on this.
If you are not yet sure that TIBER-EU is relevant for you or you need support in planning a test within the framework of TIBER-EU, we will gladly offer support. Simply contact us without obligation. Our experienced security analysts will be happy to help.
Contents of TIBER-EU and TIBER-DE
TIBER stands for ‘Threat Intelligence-Based Ethical Red’ teaming, thus combining two components: Threat Intelligence (TI) and Red Team (RT) engagements. In this context, the Red Teaming part of a TIBER project should be based on Threat Intelligence (TI) findings in order to reflect the current threat situation in the financial sector as realistically as possible.
Who are Red Team Tests According to TIBER-DE Intended For?
Recommended by the Deutsche Bundesbank and the European Central Bank respectively, the framework was developed for the following organizations:
- Large banks active in Germany
- Large insurance providers active in Germany
- Financial market infrastructures active in Germany
- IT service providers active in Germany and critical to the financial sector
What Steps Does a TIBER Test Consist of?
A Red Team Test according to the TIBER framework consists of the following steps:
- Preparatory phase: Kick-off; determine the scope; establish communication channels, responsibilities and roles; define the critical functions that will become the test target of the assessment. Duration: 4 to 6 weeks.
- Test Phase: Core of the TIBER project, consisting of the following two parts.
Total duration: approx. 16 to 18 weeks:
- Threat Intelligence: Collection of information about the national and company-specific threat situation, which provides the basis of the procedure (TTPs – Tactics, Techniques, Procedures) of the Red Teaming is determined and a rough test plan is defined.
- Red Team Test: Full-scale attack simulation against the company according to the test plan
- Final phase: A comprehensive RT test report with findings of the test, identified gaps and comprehensive recommendations (technical as well as strategic) is prepared; relevant units in the company are informed about the test; lessons learned are collected; the Blue Team (defender side) also prepares a test report from its point of view (BT test report); a replay workshop can retrace individual attack steps (similar to Purple Teaming); general feedback is exchanged. Duration: up to 4 weeks.