The Austrian National Bank (OeNB) hosted the TIBER-EU Provider Conference in Vienna for the first time under its new name, “T-REX 2025”, positioning the event around how the financial sector should navigate threat-led penetration testing (TLPT) as the EU Digital Operational Resilience Act (DORA) takes effect. With DORA in force from the start of the year, TLPT has become mandatory for many financial firms, marking a transition from voluntary TIBER tests to required TLPTs while keeping the TIBER-EU framework as the underlying standard. The release reiterates that TIBER-EU (“Threat Intelligence-Based Ethical Red Teaming”) is designed to run controlled, realistic cyberattacks on critical financial systems to identify vulnerabilities, and notes that Austria has implemented the framework as TIBER-AT since 2023. Around 200 participants, including threat intelligence providers, red team testers and national TIBER cyber teams, focused on experience-sharing, technical challenges and strengthening cooperation within the TIBER community; remarks from OeNB Director Thomas Steiner and a Director General at the European Central Bank framed TLPT as both a learning-oriented exercise and a supervisory tool that tests resilience under realistic conditions.
Austrian National Bank (OeNB) 2025-11-14
Austrian National Bank hosts T-REX 2025 conference on DORA-driven shift to mandatory threat-led penetration testing
The Austrian National Bank hosted the TIBER-EU Provider Conference, now "T-REX 2025," in Vienna, focusing on threat-led penetration testing (TLPT) mandated by the EU Digital Operational Resilience Act (DORA). With DORA in effect, TLPT is now compulsory for many financial firms, transitioning from voluntary TIBER tests while maintaining the TIBER-EU framework. The event emphasized experience-sharing and cooperation among 200 participants, highlighting TLPT as both a learning exercise and a supervisory tool.