Norges Bank will organise and staff a TIBER Cyber ​​Team (TCT-NO) to administer and operationalise TIBER-NO and has the formal responsibility for administering the framework. Overall governance of testing will be provided by a steering group, headed by Norges Bank, of which Finanstilsynet (Financial Supervisory Authority of Norway) is also a member. TCT-NO will report to this steering group.

The framework has been developed in consultation with the financial industry and other relevant authorities. The draft TIBER-NO framework was circulated for comment in spring 2021. See also the announcement of the consultation with closing date of 12 May 2021 and press release of 14 May 2020 (in Norwegian only).

The industry and relevant authorities will be involved in the further work to operationalise TIBER-NO.

Background

TIBER-NO is based on a framework developed by the European Central Bank (TIBER-EU). TIBER stands for “Threat Intelligence-based Ethical Red Teaming”.

The framework provides guidance for testing the ability of financial institutions to uncover, protect themselves against and react to sophisticated cyber attacks. The use of targeted threat intelligence and external testing specialists (red teams) ensures that testing is realistic.