The European Central Bank (ECB) has designed a new test which simulates a cyber-attack on stock exchanges, banks and other firms that are crucial for the functioning of the financial system.
This step was taken after a string of cyber-crimes and attacks by criminal hackers on money lenders and central banks in the past 2 years. These include the cyber-attack that disrupted the mobile services and online facilities at the top three banks in the Netherlands earlier this year.
The European Central Bank’s action plan aims to create a single framework to test the cyber-resilience of financial firms in the European Union.
The framework, among other tools, provides for “red teams” (RT) of external hackers who are hired to find and handle weaknesses and vulnerabilities in the firm being tested. This technique is derived from the military world and is widely used in the private sector.
The European Central Bank says, “The test objectives … are the flags that the RT provider must attempt to capture during the test as it progresses through the scenarios.”
However, the European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) will simply serve as a guideline, and it will depend on other authorities to carry out any tests.
The ECB states, “It is up to the relevant authorities and the entities themselves to determine if and when TIBER-EU based tests are performed.”
It added, “Tests will be tailor-made and will not result in a pass or fail – rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity.”
One of the most high-profile cases to date came in early 2016, when hackers breached the system of the Central Bank of Bangladesh and tricked the Federal Reserve Bank of New York into sending around $81 million to bank accounts in the Philippines.