FRANKFURT (Reuters) – The European Central Bank has designed a new test simulating cyber attacks on banks, stock exchanges and other firms that are critical for the functioning of the financial system, it said on Wednesday.
The move follows a string of heists and attacks by hackers on lenders and central banks over the past two years, including one that disrupted online and mobile services at the Netherlands’ three top banks earlier this year. The ECB’s initiative aims to create a single framework for testing the cyber-resilience of financial firms in the European Union.
The framework envisages, among other tools, “red teams” (RTs) of external hackers hired to find and exploit vulnerabilities in the companies being tested, a technique derived from the military world and widely used in the private sector.
“The test objectives … are the flags that the RT provider must attempt to capture during the test as it progresses through the scenarios,” the ECB said.
But its European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) will simply serve as a guideline and it will be for other authorities to carry out any test.
“It is up to the relevant authorities and the entities themselves to determine if and when TIBER-EU based tests are performed,” the ECB said.
“Tests will be tailor-made and will not result in a pass or fail – rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity,” it added.
In of the most high profile cases to date, hackers breached the central bank of Bangladesh’s systems in early 2016 and tricked the Federal Reserve Bank of New York into sending as much as $81 million to accounts in the Philippines.