TIBER
TIBER is short for Threat Intelligence-Based Ethical Red-teaming and is a pan-European framework where governments, financial institutions and suppliers cooperate with testing of cyber security in the financial system.
TIBER-EU
TIBER-EU is a framework developed by the European Central Bank (ECB) to test financial institutions’ ability to detect and defend against advanced cyber-attacks.
The use of targeted threat intelligence and external test specialists («Red Team») contribute to realistic tests. Critical IT systems are tested by imitating tactics, techniques and procedures used by real-life attackers. The goal is to uncover weaknesses and implement appropriate remediation measures.
A standardised setup for testing in Europe contributes to comparable assessments of security across systems and countries and facilitates information exchange between governments and entities nationally and internationally.
TIBER-EU is implemented in many European countries including Denmark, Sweden, Finland, and Norway.
TIBER-NO
TIBER-NO is the Norwegian implementation of TIBER-EU and applies to the financial sector in Norway. TIBER-NO is established by Finanstilsynet (The Financial Supervisory Authority of Norway) and Norges Bank (The Central Bank of Norway) in close cooperation with the industry and other relevant authorities.
The implementation guide establishes the Norwegian composition within the scope established by TIBER-EU and details options selected for TIBER-NO.
Download the implementation guide
TIBER Cyber Team – TCT-NO
A dedicated team is established to facilitate tests performed using TIBER-NO. The team assists entities which want to carry out TIBER-NO testing with planning, coordination of involved parties, risk assessments, execution, and evaluation.
Red Team and Threat Intelligence Providers
If you are a Red Team or Threat Intelligence provider, we at TCT-NO would love to hear from you. One of our objectives in assisting financial institutions testing after TIBER-NO is giving an overview of potential service providers. Additionally, we wish to give commercial providers the opportunity to both learn more and stay updated about any TIBER related developments.
Send us an email with your contact info and a brief statement whether you are ready to participate in TIBER tests or would like to learn more.
Downloads
TIBER-NO Implementation guide (pdf)
TIBER-NO Scope specification template v1.3 (pdf)
TIBER-NO Test Process Overview v1.0 (pdf)
TIBER-NO Risk Management Guidance v2.0 (pdf)
TIBER-NO WT and TCT Rules of Engagement - TEMPLATE 1.2 (pdf)
TIBER-NO Operational Guide v1.3 (pdf)
TIBER-NO Red Team Test Plan guidance v0.2 (pdf)
TIBER-NO Blue Team Test Report Guidance v1.0 (pdf)
TIBER-NO Targeted Threat Intelligence Report guidance v0.2 (pdf)