The European Central Bank has designed a new test simulating cyber attacks on banks, stock exchanges and other firms that are critical for the functioning of the financial system, it said on Wednesday.
The move follows a string of heists and attacks by hackers on lenders and central banks over the past two years, including one that disrupted online and mobile services at the Netherlands’ three top banks earlier this year.
The ECB’s initiative aims to create a single framework for testing the cyber-resilience of financial firms in the European Union.
The framework envisages, among other tools, “red teams” (RTs) of external hackers hired to find and exploit vulnerabilities in the companies being tested, a technique derived from the military world and widely used in the private sector.
“The test objectives … are the flags that the RT provider must attempt to capture during the test as it progresses through the scenarios,” the ECB said.
But its European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) will simply serve as a guideline and it will be for other authorities to carry out any test.
“It is up to the relevant authorities and the entities themselves to determine if and when TIBER-EU based tests are performed,” the ECB said.
“Tests will be tailor-made and will not result in a pass or fail – rather they will provide the tested entity with insight into its strengths and weaknesses, and enable it to learn and evolve to a higher level of cyber maturity,” it added.
Sponsored by Insurance News
In of the most high profile cases to date, hackers breached the central bank of Bangladesh’s systems in early 2016 and tricked the Federal Reserve Bank of New York into sending as much as $81 million to accounts in the Philippines.
Legal warning !
The information, comments and suggestions there are not covered by investment advice. It is based on the author's personal opinions. These views may not fit your financial situation and risk and return preferences. For this reason, based solely on this information, investment decisions may not have the appropriate consequences for your expectation. Our Site is not responsible for any direct or indirect damages incurred by the investors as a result of the use of the information on the Site, deficiencies in the sources, damages incurred by profit, moral damages, or damage to third parties.