Luxembourg Financial Institutions Under Cyber-Attack Threat: Authorities Unveil Testing Framework to Boost Resilience
In a bid to safeguard the financial sector’s stability, Luxembourg’s Banque centrale du Luxembourg (BCL) and Commission de surveillance du secteur financier (CSSF) have jointly adopted a testing framework for controlled cyber-attacks, TIBER- LU.
Background
The move comes in the wake of the European Central Bank’s publication of the TIBER-EU framework in May 2018. The TIBER-EU framework aims to test the resilience of financial entities, facilitate cross-border testing for entities under multiple supervisory authorities, and enable better assessment of protection, detection, and response capabilities against cyber-attacks.
What is TIBER-LU?
TIBER-LU is a harmonized European approach that involves conducting threat-led penetration tests that mimic real-life threat actor tactics and simulate a cyber-attack on critical functions and underlying systems. The framework is designed to be adopted by national and European authorities as well as essential financial infrastructure entities.
Benefits of TIBER-LU
The Luxembourg testing framework, TIBER-LU, is expected to benefit all types of financial sector entities, including those from other sectors. Each jurisdiction will adapt its implementation to national specificities in line with the TIBER-EU framework.
Key Features of TIBER-LU
- Tests the resilience of financial entities
- Facilitates cross-border testing for entities under multiple supervisory authorities
- Enables better assessment of protection, detection, and response capabilities against cyber-attacks
- Conducts threat-led penetration tests that mimic real-life threat actor tactics
Contact Information
For more information or to get in touch with the TIBER-LU team:
- Email: tiber@bcl.lu
- Email: tiber@cssf.lu
By adopting the TIBER-LU testing framework, Luxembourg’s financial institutions can better prepare themselves against cyber-attack threats and maintain the stability of the financial sector.