TIBER-AT

Threat Intelligence-Based Ethical Red Teaming in Austria

Strengthening cyber resilience of the financial sector through Threat-Led Penetration Testing

Across the EU, the requirements for managing ICT and cybersecurity risks in the financial sector have been harmonized by the Digital Operational Resilience Act (DORA), which applies as of January 2025. For financial entities that provide core financial services and play a systemic role, one of the mandatory DORA requirements is to conduct Threat-Led Penetration Testing (TLPT), as a rule at least every three years, in order to test and improve their resilience against sophisticated cyberattacks.

The methodology for TLPT according to DORA in Austria is in line with the TIBER-EU framework.

TIBER-EU – harmonized EU framework for Threat-Led Penetration Testing

The TIBER-EU framework was developed jointly by the European System of Central Banks (ESCB) in 2018 and updated in January 2025 to align it with the requirements of DORA and the corresponding regulatory technical standards on TLPT. TIBER stands for “Threat Intelligence-Based Ethical Red Teaming.” Under this framework, ethical hackers (red team testers) simulate a real-life attack, based on current threat intelligence, against the critical live production systems of a financial entity. Because the tests target production systems, they are conducted under strict security provisions: the tested financial entity must take all measures necessary to ensure that the test creates no risk, neither for itself nor for its clients.

The outcome is not a pass/fail verdict. Instead, each test is designed as a learning experience that brings maximum benefit to the tested financial entity, enabling it to reach a higher level of cyber maturity.

TIBER-AT – national implementation of TIBER-EU

TIBER-AT is the national implementation of the TIBER-EU framework in Austria and sets out the national specifications. It makes it possible to conduct TLPT under DORA in line with standardized TIBER-EU procedures. Even before the new regulatory requirements under DORA applied, several financial entities had already gained valuable insights by participating in voluntary TIBER-AT tests, thereby enhancing their cyber resilience.

The OeNB’s TIBER Cyber Team (TCT-AT) is responsible for TIBER-AT and accompanies every test in cooperation with the Financial Market Authority (FMA) or, in the case of significant credit institutions, with the European Central Bank (ECB).