In brief: Effective hostile vehicle mitigation requires four analytical steps completed before any barrier is specified: define the threat basis, assess vulnerability in context, develop the strategy, then translate strategy into requirements. Most projects skip to product selection, producing barriers that are over-specified, under-specified, or misplaced.
A project director calls a meeting. There has been a vehicle attack overseas, and the client wants to know what the project is doing about hostile vehicles. Someone mentions bollards. Within a week, a barrier supplier has quoted, a product has been specified, and a line of steel posts appears on the civil drawings.
No one asked what specific threat the bollards are protecting against. No one assessed whether the site geometry already provides natural protection. No one checked whether the specified barrier rating matches a credible attack scenario or simply the most common product in the supplier's catalogue. The project now has bollards. Whether it has protection is a different question.
Why this matters before you specify anything
HVM done without a structured process produces three outcomes, all expensive.
Over-specification. Barriers rated for a 7.5-tonne truck at 80 km/h installed where the approach geometry limits any vehicle to 30 km/h. The project pays for a capability it does not need, and the streetscape carries industrial-scale infrastructure that signals threat rather than safety. Ilum (2022) documented how security industry logics drive barrier proliferation beyond proportionate need, with commercial interests framing every space as potentially vulnerable.
Under-specification. Decorative bollards installed where a rated barrier is needed, because no one assessed the actual threat. The bollards look like protection but provide none. After an incident, the gap between what was installed and what was needed becomes a liability question.
Misplaced specification. Barriers on the wrong boundary. The rated perimeter faces the low-risk frontage while the service road with unrestricted vehicle access to the crowd gathering area has a chain and a sign. This happens when barrier placement follows property boundaries rather than threat-informed vulnerability analysis.
Each of these failures traces to the same root cause: the project moved to product selection before completing the analytical steps that product selection depends on.
What HVM actually is
Hostile vehicle mitigation is a protective security discipline focused on reducing risks from vehicle-borne threats. It covers two distinct threat types that require different analytical and design responses.
Vehicle-as-a-weapon (VAAW): a vehicle driven deliberately into people, using mass and speed as the weapon. The threat is kinetic energy transfer. Protection is about denying vehicle access to areas where crowds gather, or reducing speed to survivable levels. Recent research (Ludbey et al., 2025) identified six distinct VAAW attack archetypes through analysis of 135 global incidents, ranging from opportunistic light-vehicle incidents to sophisticated heavy-vehicle attacks with secondary weapons.
Vehicle-borne improvised explosive device (VBIED): a vehicle used to deliver and detonate an explosive payload. The threat is blast overpressure and fragmentation. Protection is primarily about stand-off distance, because blast energy dissipates with the cube of the distance from detonation. Every metre of stand-off counts (Ngo et al., 2007; NPSA, 2023).
Current guidance often conflates these scenarios, treating them as a single "hostile vehicle" problem with a single solution: perimeter barriers. They are not the same problem. A VAAW attack at a Christmas market and a VBIED threat to a government building require different threat analyses, different vulnerability assessments, and different design responses. Conflating them leads to either over-specification (VBIED-rated barriers where only VAAW is credible) or under-specification (bollards where stand-off distance is the actual requirement).
The NPSA defines HVM through seven attack techniques: parked, encroachment, penetrative, deception, duress/coercion, insider, and tamper/sabotage. Not all are relevant to every site. The threat basis determines which techniques your project needs to address.
Step 1: Define the threat basis
The threat basis is the documented foundation for every subsequent HVM decision. It answers: what vehicle-borne threat scenarios are credible for this site, and what are their characteristics?
Without a threat basis, you are specifying barriers against an undefined problem. With one, every design decision has a rationale, every expenditure has a justification, and every trade-off is visible.
A credible threat basis includes:
Threat context. What is the site's function, profile, and attractiveness as a target? A transport interchange, a diplomatic precinct, a retail high street, and a residential neighbourhood face different threat profiles. Miller & Hayward (2018) demonstrated that VAAW attacks spread through imitation: high-profile, crowded, symbolic locations attract attention and therefore attract replication. Your site's public profile and crowd characteristics shape the threat.
Credible scenarios. Which specific attack types are plausible? Not every site faces every threat. A pedestrianised retail precinct with no adjacent roads does not face a penetrative vehicle attack. A perimeter road adjacent to a stadium does. Scenario identification should reference the attack typology, not just a generic "hostile vehicle" label. Ludbey et al. (2025) found that current guidance conflates VAAW and VBIED scenarios, leading to over-specified perimeter-first solutions.
Design basis threat. For each credible scenario, what are the vehicle parameters? Mass, speed, angle of approach. These determine the required barrier performance. A 1,500 kg sedan at 40 km/h and a 7,500 kg truck at 64 km/h are different engineering problems. The design basis threat must be derived from the scenario analysis, not from the highest-rated product available.
Adversary capability. Brown & Cox (2010) showed that terrorism involves adaptive adversaries who shift targeting in response to countermeasures. The threat basis should account for adversary decision-making, not just physical parameters. Aven & Renn (2008) argued for scenario-based assessment rather than frequency-based probability, precisely because terrorism threats do not follow actuarial distributions.
The threat basis is a living document. It is reviewed when the threat environment changes, when the site function changes, or when new intelligence is available. It is not a one-time exercise filed with the planning application.
Step 2: Assess vulnerability in context
Vulnerability assessment asks: given the credible threat scenarios, where and how is this site exposed?
This is not a perimeter audit. It is a spatial analysis of how vehicles could access areas where people gather, at what speed, and with what consequences. The analysis must account for site geometry, approach angles, speed development distances, and the relationship between vehicle access points and crowd locations.
Approach geometry. A vehicle cannot achieve high speed on a curved, narrow approach with multiple turns. The same vehicle on a straight, wide road with 200 metres of unobstructed approach is a different problem entirely. Vulnerability is a function of geometry, not just proximity. Jenkins & Butterworth (2018) found that speed reduction through traffic management and geometry is as critical as perimeter barriers.
Crowd exposure. Where do people gather, queue, wait, sit, or move in concentrated groups? At what times? The vulnerability is where the crowd is, not where the property boundary is. A barrier line protecting a building facade while leaving an adjacent outdoor dining area exposed has protected the asset, not the people.
Existing protection. What natural or existing features already provide protection? Level changes, substantial walls, mature trees in continuous planting beds (noting the ANZCTC caution that individual trees are not reliable vehicle security barriers), water features, substantial street furniture. Many sites have more existing protection than a desktop assessment reveals. Equally, some features that look protective are not: planters without anchored foundations, decorative bollards without rated cores, hedges that a vehicle will drive straight through.
Post-impact penetration. The ANZCTC guidelines emphasise that barrier performance is not just about stopping a vehicle. It is about the distance the vehicle penetrates past the barrier line after impact. If the crowd is one metre behind the barrier and post-impact penetration is three metres, the barrier has failed its purpose even if it technically "stopped" the vehicle. The distance between the barrier line and the protected area must account for dynamic penetration under the design basis threat.
Operational context. Service vehicles, deliveries, emergency access, event load-in. These create scheduled penetrations of whatever barrier line you establish. The vulnerability assessment must map when the protective perimeter is deliberately opened and what compensating measures apply during those periods.
Step 3: Develop the strategy
The strategy resolves the question that barrier selection cannot: what is the appropriate protective response for this site, given its threat basis and vulnerability profile?
Strategy sits between analysis and specification. It is where the project decides what to protect, from what, to what standard, and at what cost. These are design decisions, not product decisions.
Protection objectives. What are you protecting, and what outcome defines success? Preventing vehicle penetration to a crowd area is one objective. Reducing vehicle speed to survivable impact levels is another. Maintaining stand-off distance for blast protection is a third. Each objective implies a different design response. Most sites need a combination, with different objectives at different boundaries.
Layered defence. Effective HVM does not rely on a single barrier line. The NPSA framework describes three spatial scales: district (traffic management, road geometry, speed reduction), threshold (the transition from vehicle to pedestrian zone), and site (immediate protection around assets and gathering areas).
Proportionality. The protective response must be proportionate to the assessed threat. Stewart & Mueller (2012) demonstrated that many security investments fail basic cost-effectiveness tests. A proportionate strategy matches the barrier performance requirement to the design basis threat, the spatial treatment to the site context, and the aesthetic treatment to the place character. Over-specification wastes money and degrades place quality. Under-specification creates false confidence.
Design integration. Coaffee (2009) found that visible security can increase fear rather than reduce it. The strategy should define how protective measures will integrate with the urban design, landscape, and architectural intent. Chambers & Andrews (2019) warned that over-reliance on physical barriers produces negative externalities: reduced pedestrian permeability, degraded streetscape, and a "visual language of fear." Yoo et al. (2016) demonstrated through full-scale crash testing that aesthetically designed street furniture can achieve rated barrier performance. The choice between a bollard and a bench with a rated core is a strategy decision, not an engineering constraint.
Operational strategy. How will the HVM scheme operate day-to-day? Who manages active barriers? What is the procedure when service vehicles need access? What happens during events versus normal operations? Booth et al. (2020) identified unclear operational responsibility as a key barrier to effective protective security implementation. The NPSA guidance notes that passive measures (fixed barriers) are preferred over active measures (rising bollards, gates) wherever possible, because passive measures are not vulnerable to human error, power failure, or procedural breakdown.
Step 4: Translate strategy into requirements
Requirements are where strategy becomes verifiable. Each requirement should be traceable to the threat basis, testable against a defined standard, and implementable within the design.
Performance requirements. What impact rating does each barrier element need? This is derived from the design basis threat, not from the highest available rating. Barrier performance is tested to ISO 22343 (formerly IWA 14-1), PAS 68, or ASTM F2656. Each standard defines performance in terms of vehicle mass, speed, and post-impact penetration distance. The requirement should specify the standard, the rating, and the acceptable penetration distance for each barrier zone.
Spatial requirements. Maximum gap between barriers (the ANZCTC specifies 1,200 mm maximum clearance). Minimum barrier height (500 mm per ANZCTC). Required stand-off distances for blast-threat zones. Minimum distance between barrier line and crowd areas to accommodate post-impact penetration. These are the spatial parameters that civil and landscape designers need to incorporate.
Foundation requirements. The ANZCTC guidelines warn that foundation design is as critical as barrier selection. A rated bollard on an inadequate foundation will fail under impact. Foundation requirements must account for soil conditions, subsurface services, and the structural loads imposed by the design basis threat. This is engineering, not product selection.
Operational requirements. Access management procedures for service vehicles. Staffing requirements for active barrier operations. Monitoring and maintenance schedules. Emergency access protocols. Degraded-mode procedures for when active barriers are offline. These requirements are as important as the physical specifications, because operational failure negates physical protection.
Design integration requirements. Material palette, finish standards, height and form constraints that ensure HVM elements are consistent with the landscape and architectural design intent. These are not aesthetic preferences. They are requirements that ensure the HVM scheme does not undermine the place quality objectives that justify the project in the first place. Petty (2016) and de Fine Licht (2017) documented public resistance to security measures perceived as hostile. HVM that degrades place quality generates opposition, maintenance neglect, and eventual removal.
Traceability. Every requirement should trace back to its originating threat scenario and the strategy decision that generated it. This serves three purposes: it justifies the expenditure to the client, it enables review when the threat basis changes, and it provides the audit trail that assurance teams need to verify that the protective scheme is complete and proportionate.
What the evidence says about design integration
The argument for design-integrated HVM is not aesthetic preference. It is supported by evidence from multiple disciplines.
Fortress approaches erode the values they protect. Hess & Mandhan (2022) studied New York City's rapid bollard deployment after the 2017 West Side Highway attack. Hasty barrier installation created accessibility problems, degraded streetscape quality, and undermined the pedestrian environment the barriers were supposed to protect. Meyer et al. (2015) documented the same pattern in Oslo's government quarter after 2011: over-securitisation reduced urban vitality in the name of protecting it.
Visible security can increase fear. Coaffee (2009) found that overt security measures paradoxically increase fear rather than reduce it, because they communicate that a threat is present. This does not mean security should be absent. It means security should be designed so that it communicates confidence, not threat. Coaffee's concept of "rings of confidence" captures this: protection that builds public trust in a place rather than signalling danger.
Integrated measures achieve rated performance. Yoo et al. (2016) validated through full-scale crash testing that streetscape-integrated barriers, designed to look like ordinary street furniture, can achieve the same impact ratings as industrial bollards. The engineering is proven. The choice to deploy industrial-looking barriers rather than integrated alternatives is a strategy decision, not a technical constraint.
Pedestrian impact must be accounted for. Galea et al. (2016) quantified how bollard placement affects pedestrian flow rates and crowd dynamics. Poorly spaced barriers create bottlenecks, reduce evacuation capacity, and degrade the pedestrian experience. The research demonstrates that HVM specification cannot be separated from pedestrian movement design.
Generic application produces nothing measurable. The same finding from CPTED research applies here. Environmental interventions that are not targeted to specific, analysed problems do not produce measurable security outcomes (Widmark, 2026). HVM that follows a standard template rather than responding to site-specific analysis is compliance documentation, not risk management.
What to specify when commissioning HVM
If you are procuring HVM advisory, you are in a position to define the process and the standard of work you expect. Based on the evidence and international guidance, a credible scope includes:
- A documented threat basis with credible scenarios specific to the site, not a generic "hostile vehicle" risk statement
- Vulnerability assessment that analyses approach geometry, speed development, crowd exposure, and existing natural protection, not just the property boundary
- A strategy that resolves protection objectives, proportionality, layered defence, and design integration before any barrier product is specified
- Performance requirements traced to the threat basis, specifying impact test standards, ratings, and acceptable penetration distances
- Spatial requirements for barrier spacing, height, stand-off, and crowd setback
- Foundation specifications appropriate to the design basis threat and site conditions
- Operational requirements covering access management, maintenance, degraded-mode procedures, and responsibility assignment
- Design integration requirements that ensure HVM elements are consistent with the landscape and architectural intent
- Independence from barrier suppliers: the advisory should recommend performance requirements, not branded products
Separating the advisory from product supply is important. An HVM assessment produced by a barrier supplier is a sales document with an analytical wrapper. The analysis should define what is needed. Procurement should find what meets those requirements. These are different functions with different incentives.
None of this is unusual. It is what structured protective security practice looks like when applied to vehicle-borne threats. The gap exists because many projects treat HVM as a product procurement exercise rather than a design discipline.
You do not need to accept that gap.