The Daily Swig Web security digest

Dutch central bank invites researchers to hack its systems

James Walker | 23 November 2017 at 12:05

TIBER program launched to improve financial sector’s digital defenses.

In an effort to further improve the Dutch financial sector’s resilience to cyber-attacks, De Nederlandsche Bank (DNB), the Dutch central bank, has enlisted a team of security experts to stress test the country’s financial core infrastructure (FCI).

Last week, the DNB provided details of the threat intelligence-based ethical red teaming (TIBER) program, which will mimic cyberattacks from real threat actors on critical systems belonging to the bank and other financial institutions that make up the country’s FCI.

“Institutions that comprise the Dutch FCI must remain resilient to cyber-attacks causing systemic impact,” said the DNB. “Within the TIBER framework, FCI parties will hire cybersecurity providers to deliver controlled test attacks on their live critical core systems.”

The ethical hacks will mimic high-level threat groups, such as organized crime gangs and nation state attackers, to test whether the FCI’s current defensive measures are effective.

The tests will be conducted by the ‘Red Team’ of TIBER professionals against the Dutch financial organizations’ defending ‘Blue Team’ – without the latter group’s knowledge of an impending attack.

“Collaboration, evidence and improvement lie at the heart of TIBER,” said the DNB. “What differentiates TIBER from other security tests is its intelligence-led holistic approach and FCI focus.”

The bank, which was commissioned to create the program by the Financial Stability Committee, said the tests will enhance the Dutch financial sector’s cyber-resilience, allowing institutions to detect potential weaknesses and learn from others’ best practices.

“Of course, the integrity, confidentiality and availability of the operational processes will be safeguarded during the test,” said the DNB.