ECB's Benoît Cœuré: Euro Cyber Resilience Board for pan-European Financial Infrastructures

07 December 2018

Mr Benoît Cœuré, Member of the Executive Board of the European Central Bank, warns that cyber threat facing the financial sector continues to be a challenge.

The CROE serves three key purposes: (i) it provides FMIs with detailed steps on how to operationalise the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures, ensuring they are able to make improvements and enhance their cyber resilience over a sustained period of time; (ii) it provides overseers with clear expectations against which to assess FMIs under their responsibility; and (iii) it provides the basis for a meaningful discussion between the FMIs and their respective overseers. The public consultation on the CROE provided some very useful feedback, which we carefully considered, and the final version was published earlier this week. The central banks of the Eurosystem will work closely with the various financial infrastructures to enhance their cyber resilience, with the CROE serving as a good basis for this work.

Enhancing cyber resilience is of crucial importance. Equally important, however, is to test whether the enhancements that have been introduced by individual entities are effective. To that end, we published the TIBER-EU Framework in May and the TIBER-EU Services Procurement Guidelines5 in August. In due course, we will also be publishing the TIBER-EU White Team Guidance, to further complement the testing framework. The feedback on the testing framework has been very positive, and we are in close dialogue with a number of authorities across the EU that are in the process of adopting it. Our hope is that over time, this sophisticated level of testing will help strengthen our financial infrastructures and raise standards among threat intelligence and red team testing providers.

In terms of sector resilience, we believe that exercises are a key component of building market-wide preparedness for a cyber incident. In March, we told you about our forthcoming market-wide exercise, which we held in June. The exercise, UNITAS, took the form of a facilitated discussion among market participants - many of whom are here today - on a cyber scenario. The scenario involved a cyberattack on a number of financial infrastructures, resulting in a loss of data integrity and a knock-on effect on other financial infrastructures. Today we will discuss how we can proceed in 2019 to follow-up on this exercise.

With regard to strategic regulator-industry collaboration, our third pillar, we formally established the Euro Cyber Resilience Board (ECRB) for pan-European Financial Infrastructures in March 2018, as a forum for strategic discussions between financial infrastructures and authorities. As you know, our objectives are to raise awareness of the topic of cyber resilience; to act as a catalyst for joint initiatives to develop effective solutions for the market; and to provide a place to share best practices and foster trust and collaboration. Today we will discuss what concrete steps we can take as members of the ECRB to develop meaningful solutions and foster this trust and collaboration.

Full speech


© BIS - Bank for International Settlements