01. 06. 2023 Massimo Giaimo Red Team

TIBER-EU: Enhancing Cybersecurity Resilience in the Financial Sector

As technology continues to advance at an unprecedented pace, the financial sector faces increasing risks and challenges in safeguarding sensitive data and ensuring the security of critical systems. In response to this evolving threat landscape, the European Central Bank (ECB) and the European Union Agency for Cybersecurity (ENISA) introduced a groundbreaking framework known as TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union). TIBER-EU serves as a comprehensive cybersecurity resilience framework specifically designed to bolster the defenses of financial institutions across the European Union.

Understanding TIBER-EU

TIBER-EU represents a proactive and collaborative approach to cybersecurity resilience testing within the financial sector. It is built on the principles of threat intelligence, ethical hacking, and red teaming to evaluate and enhance the effectiveness of an organization’s cybersecurity posture. The framework aims to simulate real-world cyberattacks, allowing institutions to identify vulnerabilities and implement necessary improvements in a controlled and secure manner.

Key Objectives

  1. Enhancing cyber resilience: TIBER-EU assists financial institutions in identifying and mitigating vulnerabilities by mimicking the tactics, techniques, and procedures employed by cybercriminals. This approach allows organizations to gain valuable insights into potential weaknesses and develop robust strategies to enhance their overall cybersecurity resilience.
  2. Promoting collaboration: The framework encourages close collaboration between financial institutions, regulators, and the public sector. By sharing information and best practices, TIBER-EU fosters a collective defense approach to tackling cyber threats, creating a more secure and interconnected financial ecosystem across the European Union.
  3. Standardization: TIBER-EU establishes a standardized methodology and set of guidelines for conducting cybersecurity assessments. This ensures consistency in testing practices and makes cybersecurity resilience measurable across different financial institutions, allowing effective benchmarking and comparison.

Key Components of TIBER-EU

  1. Threat Intelligence: TIBER-EU utilizes up-to-date and relevant threat intelligence to replicate the techniques used by adversaries. This intelligence-driven approach allows organizations to gain insights into emerging threats and adapt their cybersecurity defenses accordingly.
  2. Ethical Hacking and Red Teaming: Certified ethical hackers and red teams are engaged to simulate sophisticated cyberattacks on the financial institution’s systems. By mimicking real-world threats, these professionals help identify vulnerabilities and evaluate the effectiveness of existing security controls.
  3. Controlled Testing: TIBER-EU emphasizes controlled testing to minimize the impact on daily operations while conducting cybersecurity assessments. This approach ensures that the organization’s systems and services are not disrupted during the testing phase.
  4. Reporting and Improvement: Following the testing phase, comprehensive reports are generated to provide detailed findings, vulnerabilities, and recommendations for improvement. The reports are shared with the tested institution, enabling it to prioritize and implement the necessary security enhancements effectively.

Benefits of TIBER-EU

a) Enhanced Preparedness: TIBER-EU enables organizations to identify and address cybersecurity weaknesses proactively. By simulating realistic cyberattacks, organizations gain valuable insights into their vulnerabilities, allowing them to fortify their defenses and improve incident response capabilities.

b) Collaboration and Knowledge Sharing: The framework encourages collaboration between organizations, ethical hackers, and cybersecurity experts. This collaboration fosters knowledge sharing and the exchange of best practices, ultimately strengthening the collective resilience of the European Union’s critical infrastructure.

c) Standardization and Certification: TIBER-EU establishes a standardized approach to cybersecurity testing, ensuring consistent methodologies and high-quality assessments. The framework also provides the possibility of certification, demonstrating an organization’s commitment to cybersecurity and providing reassurance to stakeholders.

d) Regulatory Compliance: TIBER-EU aligns with various regulatory requirements, including the Network and Information Systems (NIS) Directive and the European Central Bank’s guidelines. By implementing the framework, organizations can fulfill their obligations under these regulations and demonstrate compliance.

The Bank of Italy, Consob and IVASS have jointly adopted the TIBER-IT national guide. The Guide constitutes the national transposition of the TIBER-EU framework.

TIBER-IT was adopted with a view to financial stability, within the sphere of the competences entrusted to the three Authorities by the legal system regarding the stability, efficiency and competitiveness of the financial system, as well as those concerning the supervision of the regular functioning, reliability and efficiency of the payment system.

If you are an organization operating in the financial sector and you want to submit your infrastructure to an activity in line with the TIBER-EU framework, contact us.

Author

Massimo Giaimo

Team Leader Cyber Security at Würth Phoenix and Threat Intelligence Team Leader at Würth Group
