OeNB and FMA increasing security measures against cyber attacks in the financial sector

24. November 2023 |

Press Release

TIBER-AT implements the Eurosystem’s Framework for simulating cyber attacks in Austria.

The Oesterreichische Nationalbank (OeNB) and the Austrian Financial Market Authority (FMA) published their joint TIBER-AT Implementation Guide today. It implements the TIBER-EU framework developed by the European System of Central Banks (ESCB) for simulating cyber attacks in Austria in a realistic manner. By doing so, the OeNB and FMA are making a significant contribution towards strengthening financial market stability in the digital area.

The increasing dependence of the financial sector on information and communication technology (ICT) has made it a particularly attractive target for cyber attacks. The entry into force of the Digital Operational Resilience Act (DORA) in January 2023 heralded harmonised requirements throughout Europe for strengthening the operational stability of financial undertakings. From 2025, it will become mandatory to conduct Threat-Led Penetration Testing (TLPT) for selected financial undertakings. The specific design of such TLPT is currently being drawn up at European level, and is closely based on the TIBER standard. TIBER stands for “Threat Intelligence-Based Ethical Red Teaming“. Ethical hackers (red team) simulate a realistic cyber attack on a financial undertaking under strictly controlled conditions. The permits a holistic view of the financial undertaking’s cyber resilience. Financial undertakings themselves will request future TIBER tests to be conducted that take place under their own responsibility. With TIBER-AT , OeNB and FMA are therefore already implementing a standard that is established in the European financial sector, in order permit Austrian financial undertaking to have an adequate preparation for TLPT . The TIBER Cyber Team in Austria is based at the OeNB , and in cooperation with the FMA coordinates and accompanies such tests, to ensure that they are conducted in a consistent manner in accordance with the rules. Once the test has been concluded, the FMA provides the relevant attestation.

Further information can be found on the respective websites of the F MA and the OeNB.