
The Threat Intelligence-Based Ethical Red Teaming (TIBER-EU) methodology is a comprehensive framework designed to enhance the cyber resilience of financial institutions by simulating realistic cyber-attacks on their critical systems.  

Threat-based (intelligence-led) penetration testing is a key component of demonstrating compliance with the EU’s Digital Operational Resilience Act (DORA); it is also the way organisations that fall outside the scope of DORA can extract the most value from their technical testing programmes.

Hassan M
Senior Analyst, Threat Simulation | Cyber Risk

Stephen Green
Threat Intelligence Lead | Cyber Risk
sgreen@thomasmurray.com

Edward Starkie
Director, GRC | Cyber Risk
estarkie@thomasmurray.com

Core objectives 

Enhance cyber resilience: Improve the ability of financial entities to protect against, detect, and respond to sophisticated cyber-attacks. 

Harmonisation and standardisation: Provide a standardised approach to intelligence-led red team testing across the EU, while allowing flexibility for the specific requirements of individual countries. 

Guidance for authorities: Offer guidance to national and European authorities on establishing, implementing, and managing the testing framework. 

Support for cross-border testing: Facilitate cross-border and cross-jurisdictional testing for multinational entities. 

Mutual recognition: Enable discussion of supervisory and oversight equivalence, reduce regulatory burden, and foster mutual recognition of tests across the EU. 

Collaboration protocols: Establish protocols for cross-authority collaboration, result sharing, and analysis. 

Key phases of a TIBER-EU test 

Preparation phase 

Project setup: Set up the project structure and procure the external threat intelligence and red team providers. 

Risk assessment and scoping: Assess the risks of conducting the test and define its scope, i.e. the critical functions and underlying systems to be targeted. 

Engagement: Identify and engage key stakeholders, including relevant authorities. 

Testing phase 

Threat intelligence gathering: Collect targeted threat intelligence to understand potential threats and threat actors. 

Red teaming: Conduct simulated cyber-attacks using tactics, techniques, and procedures of real-life threat actors to test the entity’s critical functions and underlying systems (people, processes, and technologies). 

Closure phase 

Analysis and reporting: Analyse the results, identify vulnerabilities, and provide recommendations for remediation. 

Compliance and feedback: Confirm that the test was conducted in line with the TIBER-EU framework and capture feedback to improve future tests. 

Stakeholders 

TIBER cyber team: Manages the test and ensures it meets the TIBER-EU framework requirements. 

Financial entities: Undergo the testing to assess and improve their cyber resilience. 

Threat intelligence providers: Supply the necessary threat intelligence for the red team tests. 

Red team providers: Execute the simulated cyber-attacks based on the gathered threat intelligence. 

Relevant authorities: Oversee the implementation and management of the TIBER-EU framework at national and European levels. 

Benefits 

Improved cyber resilience: Helps financial institutions identify and mitigate security vulnerabilities. 

Regulatory assurance: Provides assurance to regulators, customers, and partners regarding the institution's cyber security posture. 

Enhanced collaboration: Promotes cross-border cooperation and information sharing among authorities and financial entities.

DORA compliance 

We can help you with all aspects of preparing for DORA’s requirements and demonstrating compliance to the regulators. From threat intelligence to incident preparedness and response, to eDiscovery and advisory services, we can ensure that your organisation is ready to face whatever cyber challenges come your way. Talk to us to find out more. 
