TIBER-NL programme
Cyberattacks are becoming more frequent in the financial sector. The techniques used are also becoming more advanced. To address the threat of cyberattacks, financial companies are working together in the Threat Intelligence Based Ethical Red (TIBER) programme. The aim is to make companies more resilient against cyberattacks. The programme is led by the Cyber Unit of De Nederlandsche Bank (DNB). The AFM joined the TIBER-NL programme.
Improving cyber resilience with test attacks
In the TIBER-NL programme, financial companies test their resilience against advanced cyberattacks using test attacks that are based on realistic threats. The attacks are carried out by cybersecurity companies under the guidance of the AFM.
Companies cannot pass or fail a TIBER test. They are made aware of their strengths and weaknesses in relation to cybersecurity, with the ultimate aim being to improve their cyber resilience. The programme also involves sharing experiences and planned improvements.
Key documents
- TIBER-NL Guide. This guide explains how the TIBER-EU framework is applied by the AFM.
- TIBER-EU Services Procurement Guidelines. This document explains how financial companies select and procure the services of security companies.
- TIBER-EU White Team Guidance. This document explains how financial companies can set up a white team.
- TIBER-EU Framework
There are templates for the various phases of a TIBER test. These include:
- Scoping document
- Targeted threat intelligence report
- Red Team test plan
- Red Team test report
- Purple teaming guide
- 360 feedback report
- Test summary
- TIBER quality assurance checklist
- TIBER-EU Attestation template
The target group for TIBER-NL
The TIBER-NL programme is primarily designed for financial core infrastructure companies. These include the major banks and payment institutions. DNB has expanded the TIBER-NL programme to include pension funds and insurers. The AFM offers the TIBER-NL programme to companies subject to its supervision. The TIBER-NL Framework can also be used in other areas, such as the health care, telecommunications services and energy sectors.
The design of a TIBER test
A TIBER test is based on the tactics, techniques and procedures of real hacker groups. The test is designed specifically for the circumstances at the participating company. The test is carried out in a controlled manner on the company’s critical functions and its underlying systems and services. People, processes and IT infrastructures may also be targeted. Only a few employees at the participating company will be aware that the attack is taking place.
TIBER-NL as part of the European framework
DNB started supervising TIBER tests in 2016. Inspired by this approach from DNB, the European Central Bank set up the TIBER-EU Framework in cooperation with the central banks of the European Union. The TIBER-EU Framework sets parameters for how TIBER tests can be carried out. Right now, 13 EU countries are working with the TIBER-EU Framework and have formally established this cooperation with the TIBER-EU Knowledge Centre.
The AFM works with DNB, in a cooperation that benefits from the two institutions’ knowledge and experience. The AFM TIBER team is positioned independently from the supervisory activities of the AFM in order to ensure confidentiality towards the participating companies.