The Digital Operational Resilience Act (DORA) and the TIBER-EU (Threat Intelligence-Based Ethical Red Teaming for the European Union) framework are complementary initiatives aimed at strengthening the cybersecurity and operational resilience of the European financial sector. While DORA provides overarching regulatory guidelines, TIBER-EU offers a specific methodology for conducting rigorous security assessments.

1. Threat Intelligence: TIBER-EU emphasizes leveraging current and relevant threat intelligence to simulate realistic attack scenarios, ensuring assessments align with the evolving threat landscape facing financial institutions.
2. Red Teaming Exercises: The framework employs ethical hacking techniques and tactics, mimicking sophisticated cyber-attacks, to evaluate an institution’s defences comprehensively. This includes exploiting vulnerabilities, attempting unauthorized access, and assessing the effectiveness of security controls.
3. Scenario-Based Assessments: TIBER-EU utilizes a scenario-based approach, tailoring simulations to reflect plausible cyber threats and attack vectors relevant to each institution’s specific operational environment, systems, and assets.
4. Collaborative Approach: TIBER-EU encourages collaboration among financial institutions, regulatory authorities, and national competent authorities. This facilitates information sharing, best practices, and collective defence strategies, enhancing sector-wide resilience.
5. Detailed Reporting & Recommendations: Following assessments, TIBER-EU mandates comprehensive reporting, detailing findings, vulnerabilities exploited, and recommendations for improving cybersecurity defences. This enables institutions to prioritize remediation efforts and enhance their security posture effectively.
6. Continuous Improvement: Recognizing the dynamic nature of cyber threats, TIBER-EU promotes a culture of continuous improvement. Financial institutions are encouraged to conduct regular assessments, adapt to emerging threats, and refine their cybersecurity strategies to maintain resilience effectively.

• Preparation Phase:
  • Scope Definition: Identify and define the objectives, scope, and boundaries of the red team exercise based on organizational requirements, systems, networks, and assets.
  • Rules of Engagement (RoE): Establish a clear RoE outlining permissible actions, targets, techniques, and constraints for the red team.
• Threat Intelligence Integration:
  • Incorporate relevant and current threat intelligence to inform and guide the development of realistic and plausible attack scenarios, tactics, techniques, and procedures (TTPs).
• Red Team Execution:
  • Conduct simulated cyber-attack scenarios using advanced techniques, tools, and methodologies to exploit vulnerabilities, bypass security controls, and assess detection and response capabilities.
  • Collaborate with stakeholders, regulatory authorities, and national competent authorities throughout the testing process to facilitate information sharing, coordination, and approval.
• Assessment & Analysis:
  • Evaluate the organization’s detection, response, and recovery capabilities based on red team findings, insights, and observations.
  • Analyse exploited vulnerabilities, identified weaknesses, and areas for improvement within the cybersecurity infrastructure and processes.
• Reporting & Recommendations:
  • Generate comprehensive reports detailing findings, exploited vulnerabilities, recommendations, and actionable insights.
  • Prioritize remediation efforts, develop mitigation strategies, and enhance cybersecurity defences based on red team findings and recommendations.