Blog

The TIBER-EU Framework: Here’s What You Need to Know

Posted by: Batya Steinherz
November 09, 2023
Getting your Trinity Audio player ready...

Compliance frameworks aren’t always the most fascinating of topics, but they are always important topics. Today we’re looking at TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union), the European Union framework that defines how organizations should simulate cyberattacks. The TIBER-EU framework was created for orgs providing core financial infrastructure and has mandatory and optional requirements that can be changed as needed to meet each organization’s specific needs. 

The goal of TIBER-EU is straightforward: to establish an industry baseline for cybersecurity testing – across countries, borders and jurisdictions. This enables government authorities and private entities across the Union to unite in enhancing both their cyber resilience and their cyber hygiene.

TIBER-EU was developed as a collaborative effort – harnessing the power of intelligence-led red teaming frameworks in multiple countries. Jointly created by the European Central Bank (ECB) and EU National Central Banks, and drawing insights from similar initiatives in the UK (CBEST) and the Netherlands (TIBER-NL) – the principle underlying the framework is that sharing intelligence and analysis ultimately reduces the resource burden on all parties involved. The framework gained approval in May 2018 and has now been adopted by more than 13 European countries.

Why is TIBER-EU Important?

The TIBER-EU framework is important because it markedly enhances cybersecurity in critical EU business and public sectors. 

Unlike traditional penetration testing and other simulations that focus on individual systems, TIBER-EU mandates a comprehensive approach – considering each organization’s people, processes, and technologies. This holistic perspective is essential because cyber threats often involve lateral movement across connected systems.

TIBER-EU’s adoption across a wide range of European countries is a testament to its effectiveness. It is a unifying force that brings together governmental and commercial threat intelligence. It provides a framework for providing standardized testing with the objective of improving cyber resilience.

For Which Organizations is TIBER-EU Relevant?

TIBER-EU is relevant for a broad spectrum of organizations, primarily those operating in critical sectors. It offers a structured approach to threat intelligence-based testing that is adaptable to the specific needs of diverse entities like:

  • Financial Services Institutions – Including banks, insurers, and investment firms looking to enhance data protection, regulatory compliance, and overall cybersecurity.
  • Infrastructure Providers – Energy, telecom, and transportation entities, aiming to secure essential services, prevent disruptions, and bolster cyber resilience.
  • Government Agencies – Helping national security, law enforcement, and critical government services assess and fortify their cybersecurity readiness.
  • Healthcare Organizations – Securing hospitals and pharmaceutical companies that rely on the secure management of sensitive medical and patient data.
  • Utilities – Water, electricity, and gas companies that need to ensure continuous and secure delivery of vital services by safeguarding their critical infrastructure.
  • Regulated Industries – Other organizations in heavily regulated sectors that are subject to strict data protection regulations and industry-specific standards.

Drill Down: Is TIBER-EU Right for My Organization?

Before adopting the TIBER-EU framework, consider your regulatory environment, risk profile, operational complexity, commitment to cybersecurity, and the benefits of threat intelligence-based testing. You can assess whether the TIBER-EU framework is suitable for your needs by asking the following questions:

  • Regulatory RequirementsDoes my organization operate in a regulatory environment that mandates enhanced cybersecurity measures, threat intelligence-based testing, or red teaming exercises? TIBER-EU is especially relevant for financial institutions subject to strict regulatory oversight.
  • Cyber Risk ProfileWhat is my organization’s cyber risk profile and how high is the sensitivity of the data and systems we handle? Financial institutions dealing with highly sensitive financial information and transactions are more likely to benefit from the robust testing and intelligence-driven approach offered by TIBER-EU.
  • Complexity of OperationsHow complex are my organization’s operations, and do they include cross-border activities and interconnected systems? TIBER-EU is designed to address the challenges associated with multifaceted operations and can help identify vulnerabilities in interconnected systems.
  • Regulatory JurisdictionDoes my organization operate in multiple jurisdictions with varying regulatory requirements? TIBER-EU’s flexibility allows for customization to meet the specific legal and operational requirements of different jurisdictions.
  • Commitment to CybersecurityHow robust is my organization’s existing cybersecurity program and how willing are we to invest in proactive measures to protect against evolving cyber threats? TIBER-EU is suitable for organizations that prioritize robust cybersecurity practices.
  • Threat LandscapeHow dynamic is my organization’s threat landscape and how crucial is it that we keep pace with advanced threat actors? TIBER-EU focuses on mimicking the tactics, techniques, and procedures of such actors to ensure that organizations can adapt their defenses to emerging threats.
  • Collaborative ApproachIs my organization open to a collaborative approach that involves sharing threat intelligence and coordinating with authorities and entities across Europe? TIBER-EU fosters mutual recognition and harmonizes cybersecurity efforts among participants.
  • Industry BenchmarkDoes my organization seek to align with industry standards and best practices? TIBER-EU aims to become an industry benchmark for critical sectors and offers a structured approach to improving cybersecurity.

The Bottom Line

The TIBER-EU framework is the cornerstone of the trans-European cybersecurity regime covering critical sectors. It provides a comprehensive and adaptable approach to threat intelligence-based testing, ensuring organizations are well-prepared to combat evolving cyber threats effectively. TIBER is a unifying force – joining governmental and commercial threat intelligence to safeguard entities across jurisdictions.

By evaluating factors like regulatory requirements, cyber risk profile, and operational complexity, you can decide whether or not it makes sense for your organization to pursue it.


Batya Steinherz

Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.