The Riksbank has decided to adopt the TIBER-EU framework and publish guidelines for Sweden’s national adaptation, TIBER-SE. TIBER-EU is a framework for cybersecurity testing, developed by the European Central Bank (ECB). To coordinate these tests in Sweden, the Riksbank has launched a cooperation forum together with the central players in the Swedish financial system who will undergo testing under the framework.
TIBER-EU (Threat Intelligence-based Ethical Red Teaming) is a framework developed by the ECB that makes it possible to test, in a standardised way, resilience to cyber risks among players in the financial system. The test (known as red team testing) involves the controlled simulation of a cyber attack on an organisation’s employees, processes and technology. The test is not ‘pass or fail’, but is aimed at identifying shortcomings so that resilience can then be improved.
The main aims of TIBER-EU are to:
- strengthen resilience to cyber threats in the financial sector,
- standardise and harmonise the implementation of red team testing within the EU,
- and provide support for cross-border tests.
The central banks of the Netherlands and United Kingdom have previously worked with cybersecurity tests of this kind. Following this, the ECB started work on developing a framework that could harmonise the implementation of such tests in the EU. This was published in May 2018. Towards the end of 2018, Belgium and Denmark launched their national versions of the framework, known as TIBER-BE and TIBER-DK.
The implementation guide for TIBER-SE describes Sweden’s adaptation of the TIBER-EU framework. Tests under TIBER-SE will be carried out over the next few years.