STARA®: Protecting the health sector’s critical national infrastructure

Published: 20 October 2023
Business: Digital Intelligence
Location: United Kingdom
BAE Systems Digital Intelligence seeks to secure critical NHS systems and organisations today and into the future through cutting-edge risk methodologies and techniques.

STARA® is a holistic, threat-led security risk assessment approach that combines the domains of technical, cyber, personnel and physical security. It is a flexible and robust framework that identifies organisational threats, understands business governance and attack impacts, measures maturity and vulnerability to identify the greatest risks facing an organisation, and allows specific, actionable recommendations to be made.

As a scalable and modular framework, STARA has delivered proven benefits for customers of all shapes, sizes and purposes.

STARA® is a key protector of the UK’s health sector and will see an expanded role within both domestic and international government agencies as the changing threat landscape necessitates security improvement globally. With UK government strategy necessitating the hardening of critical government health functions using the NCSC Cyber Assessment Framework by 2025, and of all government organisations by 2030, there is a clear requirement for the expert risk appraisal offered by BAE Systems Digital Intelligence through STARA®.

+24% of healthcare professionals saw a rise in hospital mortality rates following a cyber-attack, according to a study conducted by Ponemon.
£92m: in 2017, the WannaCry ransomware attack caused damage to the NHS costing an estimated £92m.
+40% of the 777 cyber-attacks recorded by NPSA between Sept 2020 and Aug 2021 targeted the public sector.

Our aim is to protect citizens and improve patient outcomes through the protection of the health sector’s critical national infrastructure.

We are re-thinking risk assessment by identifying key threat actors in the health sector and understanding their capability and motivation, in order to identify vulnerabilities and attack paths that span multiple domains and may be missed by a single-dimensional maturity assessment. Our ultimate aim is to give concrete recommendations, both to the organisations themselves and to the bodies overseeing them, to drive wide-reaching and high-impact change to health security through policy and strategy improvements.

The NHS has long been considered one of the UK’s crown jewels and one which its enemies have sought to exploit and disrupt, putting the lives of UK citizens at risk. BAE Systems Digital Intelligence seeks to secure critical NHS systems and organisations today and into the future through cutting-edge risk methodologies and techniques.

STARA®: Security Threat and Risk Assessment


Learn more about the real world impact of STARA®

Spotlight case study

A spotlight on UK hospitals: how can critical healthcare services be protected in a porous, high-pressure environment? Following a wave of cyber-attacks, BAE Systems Digital Intelligence was tasked with deploying STARA® to identify key sources of risk within a hospital trust to safeguard its ability to deliver quality care.

By conducting technical and physical assessments, interviews, and intelligence gathering, the STARA® team uncovered not only technical vulnerability, but also the high threat of theft, intimidation and violence posed to its facilities and staff. BAE Systems supported the Trust in identifying the internal and external factors that exacerbated this risk, limited the Trust’s ability to respond, and put the health and wellbeing of staff in jeopardy.

In making recommendations to the Trust, the STARA® team focused on areas of greatest impact. In protecting both personnel and its physical and digital infrastructure, the Trust is now better equipped to face the challenges posed to healthcare in 2023 and beyond.

Through the intelligence gained at this hospital trust, decision-makers within the Department of Health and Social Care will be better positioned to offer support to all hospital trusts within the UK in responding to emerging threats to UK healthcare.

Testimonials

“BAE Systems’ deep understanding of holistic security sense was key in helping the National Cyber Security Centre (NCSC) grow in a safe and secure manner that complies with the highest of international standards. We sit geographically and politically at the crossroads of North America, the EU and the UK which attracts a myriad of partners with an interest in our work, and all have been impressed with the outputs and recommendations of the team.

BAE Systems is able to access subject matter experts across multiple disciplines and seamlessly integrate them to a project as the need arises. The result has been a “best in class” design and value for money. My ambition to build and operate an exemplar security capability has been realised through the work undertaken by BAE Systems and I am proud to share the vision and reality with global colleagues.

Savings in the order of €1.5 million (75%) were achieved due to BAE Systems’ experts being able to tailor the design for the use cases without compromising on the quality of the end product. The BAE Systems team has engaged with many teams across government to effectively communicate the needs and requirements of the NCSC in Europe, and promoted positive culture with the overall project – achieving buy-in for all stakeholders.

This commission has already been extended once by 50% of the original value and we are taking steps to extend this project further on a direct award basis as we cannot afford to lose the team’s expertise at this critical time. BAE Systems is critical to the delivery of this project. Our mission is jointly aligned - build sustainable cyber power in Europe and defend our connected world”.

Operations Director, NCSC

“For the past 5 years I have been the Chief Executive at the Security Institute which is the largest professional body in the security sector. As such, I am involved in many projects within the Government Security Profession (GSP), corporate and private sectors of security provision. I am a Chartered Security Professional and this affords me a strategic view of thought leadership, products and services on a global scale.

I was introduced to the BAE Systems’ STARA methodology in May 2022. It is an impressive system. Whilst there are other security risk management products and a multitude of bespoke physical survey templates based on advice from the Centre for the Protection of National Infrastructure (CPNI), the common problem is that there is always an element missing. The suite of products on offer within STARA is all encompassing. It is a converged approach to security that blends Cyber and Information assurance with physical and personnel aspects to ensure that silos are mitigated.

I am truly excited to see this product offered to the marketplace because it will not only provide a holistic methodology; it will enhance the capability and therefore appreciation of the security profession.”

Chief Executive, Security Institute


Get in touch with our experts

Gary Poole, Head of Security Capabilities at BAE Systems Digital Intelligence: gary.l.poole@baesystems.com
Kieran Cassidy, Capability Lead for Security Threat and Risk Assessment (STARA®): kieran.cassidy@baesystems.com