DNB oversees cyber resilience tests

De Nederlandsche Bank (DNB) is committed to a resilient financial system. DNB's Test Cyber Team (TCT-DNB) contributes to this by providing strategic cyber intelligence and high-quality test frameworks, and by overseeing cyber resilience tests at financial institutions in the Netherlands and elsewhere in Europe.

Past and future

DNB introduced the TIBER-NL framework in 2016 as a pioneering project for testing cyber resilience in the financial sector. Due to its proven effectiveness, the ECB adopted TIBER-NL in 2018 as the basis for the European TIBER-EU Framework. DNB's introduction of the ART framework in 2024 and the entry into force of the European Digital Operational Resilience Act (DORA) in 2025 mark the ongoing evolution of cyber resilience testing in the financial sector.

What does TCT-DNB do?

Cyber resilience tests are conducted using different frameworks and are based on realistic institution-specific threat scenarios. First, DNB's Test Cyber Team (TCT-DNB) prepares a Generic Threat Landscape (GTL). Next, it oversees the tests and monitors whether the process steps, the deliverables and the test quality meet the requirements set in the framework. If this is the case, TCT-DNB issues a formal confirmation to the financial institution, known as the 'attestation'. This can serve as proof that the test has met the quality requirements set.

TCT-DNB has built wide-ranging testing experience, which it leverages in support of the financial institution during the test. In addition, TCT-DNB facilitates the Resilience Testing Community in which affiliated financial institutions share their lessons learned and jointly undertake specific activities to enhance their resilience. This helps increase the cyber resilience of the financial sector as a whole.

The test frameworks

Since DORA entered into force in 2025, testing is in some cases no longer voluntary but mandatory, in the form of a Threat-Led Penetration Test. This test must be conducted according to a set procedure. In addition, there may be a need to tailor the scope and content of cyber resilience testing more closely to the financial institution's business processes, ICT infrastructure and cyber resilience measures. TCT-DNB therefore offers three variants of cyber resilience test oversight:

1. Threat-Led Penetration Testing (TLPT)

Threat-Led Penetration Testing (TLPT) is conducted according to the TIBER-EU framework. If a financial institution meets the criteria in the Digital Operational Resilience Act (DORA), it is required to conduct this form of testing. In TLPT, realistic cyber attacks are simulated. Building on the experience they gain from this test, financial institutions can further strengthen their detection and response capabilities and meet operational resilience standards.

2. Threat Intelligence-Based Ethical Red-teaming (TIBER) 

If a financial institution does not meet DORA’s criteria for mandatory testing, it may still wish to conduct its cyber resilience tests according to the DORA requirements. If this is the case, the test’s content and approach are identical to those of TLPT, the only difference being that participation is voluntary. TCT-DNB uses the TIBER-EU framework for this test.

3. Advanced Red-Teaming (ART) 

The Advanced Red-Teaming Framework (ART framework) builds on the lessons and successes of TIBER. ART is a modular framework that allows the test’s scope and frequency to be tailored to an organisation’s cyber maturity and its specific learning objectives. Due to its modular nature, the ART framework is also suitable for smaller financial institutions that have already made strides in terms of cyber maturity but are not yet ready for a TIBER or TLPT test.

With its flexible testing strategy (in terms of scope and frequency), this framework can be a valuable complement to the DORA requirements. In addition, the ART framework provides a solid platform for periodic cyber resilience testing as required in European legislation, such as DORA and NIS2.

Collaboration and impact

TLPT, TIBER and ART tests are carried out by specialised external parties, in collaboration with financial institutions. A TLPT test allows institutions to meet the requirements as set out in DORA. The ART framework can be used in addition - but also on its own - to put together a more individually-scoped test. This allows a financial institution to match the test to the extent to which it has implemented cyber security measures.

Sharing individual lessons learned in a trusted community fosters strategic enhancement of cyber resilience in the Dutch financial sector.

More information

For more information, please contact tct@dnb.nl.