- BCL regulatory reporting on the collection of data payment instruments and operations
- Reporting Instructions for Guidelines of the European Banking Authority on reporting requirements for fraud data under Article 96(6) of the Directive (EU) 2015/2366 (PSD2)
- Oversight of payment and settlement infrastructures
- Payments and Markets (ECB website)
- BCL Technical Paper - DCB Services & Wholesale CBDC Concept
TIBER-LU
Critical entities of the financial sector in Luxembourg must be able to adequately resist cyber-attacks in order to ensure their own resilience and thereby contribute to the one of the financial sector as a whole. To help achieve this objective, the Banque centrale du Luxembourg (BCL) and the Commission de surveillance du secteur financier (CSSF) decided to jointly adopt the testing framework for controlled cyber-attacks, namely TIBER-LU, in line with their respective financial stability mandates.
TIBER-LU’s adoption is consecutive to the publication in May 2018 of the European framework TIBER-EU[1] by the European Central Bank (ECB). The TIBER-EU framework aims at i) testing the resilience of financial markets’ entities, ii) facilitating tests for cross-border entities that are subject to the supervision by several authorities, iii) helping entities to better assess their protection, detection and response capabilities and to fight against cyber-attacks. In this context, the TIBER-EU framework sets out a harmonized European approach for the conduct of threat-led penetration tests that mimic the tactics, techniques and procedures of real-life threat actors and that simulate a cyber-attack on critical functions and underlying systems of an entity.
The TIBER-EU framework, which was designed to be adopted by national and European authorities and for entities that are essential to the functioning of the financial infrastructure, can be used by all types of entities of the financial sector and also by entities of other sectors.
In line with the TIBER-EU framework, each jurisdiction adopts the European framework at national level by adapting its implementation to national specificities.
Relevant links
TIBER-LU Implementation Guide
TIBER-EU
TIBER-EU Framework
TIBER-EU Services Procurement Guidelines
TIBER-EU White Team Guidance
Scoping specification template
Guidance for target threat intelligence report
Guidance for the red team test plan
Guidance for the red team test report
Guidance for the TIBER-EU test summary report
TIBER-EU Attestation template
TIBER-EU Purple Teaming Best Practices
Contacts
tiber@bcl.lu and tiber@cssf.lu
[1] Threat Intelligence-based Ethical Red Teaming