TIBER-BE team

The financial sector is increasingly vulnerable to cyber attacks. It is therefore essential that the financial institutions subject to supervision or oversight by the Bank which qualify as critical market infrastructures or core financial institutions be able to resist hacking attempts from various sources.

To help them achieve this goal and in order to foster resilience to sophisticated cyberattacks, the Bank adopted the TIBER-EU Framework in May 2018 as part of its mission to ensure financial stability. This framework provides for the execution of controlled and tailored tests to assess the extent to which financial institutions can withstand advanced cyber attacks.

The TIBER-BE team heads up the threat intelligence-based ethical red teaming framework in Belgium.

Various types of tests

Together with the financial institutions subject to oversight or supervision by the Bank, the TIBER-BE team conducts and coordinates TIBER-BE tests. Specialised external threat intelligence and red team providers prepare and carry out cyber attacks on live production systems, exactly as real hackers would do but in a controlled manner without any real impact.

They identify and simulate the most relevant threats to the institution’s critical economic functions, mimicking attacks by highly skilled threat groups. In this way, the institution’s ability to prevent, detect and respond to these types of attacks is assessed. TIBER-BE exercises are performed on a voluntary basis, in accordance with a three-year cycle.

The Digital Operational Resilience Act (DORA) also provides for digital operational resilience testing (Chapter IV, Arts. 24 to 27) and introduces the concept of threat-led penetration testing (TLPT). TLPT is a form of advanced digital operational resilience testing.

The requirements for TLPT are laid down in the TLPT Regulatory Technical Standards (RTS), developed in accordance with TIBER-EU and in consultation with the ECB. TLPT and TIBER-EU tests are thus essentially compatible and aim to achieve a similar goal.

The TIBER-BE team actively contributed to the drafting and implementation of these RTS and remains the central point of contact and coordination for TIBER-BE and DORA-TLPT tests at financial institutions supervised by the Bank. The TIBER-EU framework, supplementary guidance and various TIBER-EU implementations such as TIBER-BE should be seen as providing additional guidance on the DORA TLPT requirements (Chapter IV, Arts. 26 to 27) rather than replacing them.

Two key differences between TIBER-BE and DORA TLPT are that the latter is mandatory and forms part of prudential supervision of the financial institutions concerned. In practice, however, the main purpose is to serve as a learning experience for tested institutions on how to improve their resilience to potential cyber attacks.

The TIBER-BE team also engages in knowledge-sharing in the area of ICT and cyber risks as well as cyber threat intelligence, at the local, national and international levels, in both cross-cutting working groups and bilateral contexts.

Related links and documents

TIBER-BE

TIBER-EU

Digital Operational Resilience Act (DORA)

DORA TLPT (EUR-Lex version not yet available)

Questions about TIBER?

Contact our experts at [email protected]