Service — Protective Design Practice

Hostile Vehicle Mitigation Consultants

Most HVM in Australia is specified from assumptions. Ours is calibrated from the first peer-reviewed dataset to analyse ideological and non-ideological vehicle attacks together.

A vehicle attack overseas makes the news. A client asks what the project is doing about hostile vehicles. Within a fortnight, a barrier supplier has quoted, a product is on the civil drawings, and the project has a line of bollards. Whether it has protection is a different question.

The Problem

HVM without a threat basis fails in one of three ways

Each failure traces to the same root cause: the project moved to product selection before completing the analysis that product selection depends on.

01

Over-specification

Barriers rated for a 7.5-tonne truck at 80 km/h, installed where approach geometry limits any vehicle to 30 km/h. The project pays for capability it cannot use, and the public realm carries industrial-scale infrastructure that signals threat instead of safety.

02

Under-specification

Decorative bollards where a rated barrier is needed, because nobody assessed the credible threat. They look like protection and provide none. After an incident, the gap between installed and needed becomes a liability question.

03

Misplaced specification

The rated perimeter faces the low-risk frontage while the service road with unrestricted access to the crowd space has a chain and a sign. Placement followed property boundaries, not vulnerability.

The Evidence

What 121 real attacks actually show

~25%

of incidents involved any barrier being surpassed. In most attacks, barriers were never encountered — exposure is the dominant condition.

7 vs 1.8

average fatalities where barriers were surpassed, against where they were not encountered. Partial coverage creates false confidence.

N1

light commercial vehicles — vans, not heavy trucks — are the deadliest class on average. The design basis vehicle should come from the data.

— Motive is a poor predictor of barrier engagement — rates were essentially identical across ideological and non-ideological attacks.

— Attacks cluster into six distinct archetypes, from opportunistic light-vehicle incidents to premeditated heavy-vehicle attacks with secondary weapons.

— Opportunity, layout, and spatial conditions decide outcomes — not motive labels.

— One-size-fits-all HVM does not match the evidence.

Peer-reviewed

Core42 analysed 121 global vehicle-as-a-weapon incidents (2010–2024). Findings published in Crime Science (2025). This research is the analytical foundation of every Core42 HVM engagement. Read the Vehicle as a Weapon research programme →

What You Get

Advisers, not barrier vendors

We hold no product relationships, which means our recommendations are calibrated to your threat profile, not to a sales margin.

A documented threat basis

The credible vehicle-borne scenarios for your site, characterised by archetype, vehicle class, and approach condition, aligned to ISO 22343-1:2023.

Vulnerability assessed in context

Approach speeds, geometry, crowd dynamics, and the protective value already present in the streetscape.

A vehicle security strategy

Differentiated protection levels with performance requirements the design team can respond to, rather than prescribed products. Where streetscape elements can do the protective work, we say so.

Decision-ready documentation

Every recommendation carries its rationale, so expenditure is defensible to boards, planners, and assurance reviews years after the decision was made.

How We Work

Four steps, in order

01

Define the threat basis

Site function, profile, and crowd characteristics, mapped against the six VAAW archetypes and the NPSA attack techniques relevant to your context.

02

Assess vulnerability in context

Vehicle dynamics assessment of credible approach paths, speeds, and angles — including the protection your site geometry already provides.

03

Develop the strategy

Protection philosophies per zone, from integrated streetscape protection through to full vehicle exclusion, with event-mode overlays where occupation varies.

04

Translate into requirements

Performance specifications, design intent documentation, and review of the design team's response through to delivery.

The sequence matters. Projects that start at step four — product selection — are the projects that end up with bollards instead of protection.

Proven at Precinct Scale

Barangaroo Vehicle Security Strategy

Client
Infrastructure NSW
Location
Barangaroo, Sydney
Scope
7 sub-precincts
Output
~40 design recommendations

One of Australia's most heavily used waterfront precincts: seven sub-precincts, multiple landowners, and design conditions where uniform perimeter hardening would have been technically simple and operationally wrong.

Empirical threat calibration kept design basis vehicles proportionate. Differentiated assessment produced distinct protection philosophies per sub-precinct. The design team received performance targets rather than product lists — including event-mode overlays for high-density gatherings.

Read the Barangaroo case study →
Common Questions

Frequently asked questions

When should HVM join the project?

At concept or preliminary design. Threat-informed siting, level changes, and street geometry can deliver protection at near-zero marginal cost when they are design moves; the same outcomes retrofitted after design lock-in arrive as rated barriers at a multiple of the cost, with planning and heritage friction added.

Do we need crash-rated barriers?

Sometimes. In the incident data, only around a quarter of attacks involved a barrier being surpassed at all — but where barriers failed, fatalities were several times higher. The honest answer depends on your threat basis: some zones justify rated product, some are adequately protected by geometry and streetscape, and some need operational measures rather than physical ones. We tell you which is which, and why.

What standards and guidance apply in Australia?

The national Hostile Vehicle Guidelines for Crowded Places, vehicle security barrier testing and classification under ISO 22343 (successor to PAS 68 / IWA 14), and NPSA guidance on attack techniques and integrated design. We translate these into project-specific requirements rather than treating compliance as the objective.

What is the difference between VAAW and VBIED protection?

A vehicle-as-a-weapon attack uses the vehicle's mass and speed against people; mitigation denies access or reduces speed to survivable levels. A vehicle-borne IED uses the vehicle to deliver explosives; mitigation is dominated by stand-off distance. Different threats, different analyses, different design responses — a site can face one, both, or neither.

Can HVM be invisible?

Frequently, yes. Seating, planters, level changes, trees, water features, and street furniture can be engineered to provide vehicle restraint while reading as public realm. The best protective outcomes at Barangaroo are ones visitors never register as security.

What does an engagement cost?

It scales with site complexity and the decision at hand — a single-site assessment is a different undertaking from a precinct-wide strategy. Protection integrated at concept stage typically costs a small fraction of the same protection retrofitted. We scope engagements as fixed-fee options against defined outcomes, so the investment is visible before you commit.

Next Step

Find out which threat profiles apply to your site

Or speak to the principal who led the research and the Barangaroo strategy.

Book a 30-minute call

No obligation. We'll assess fit and tell you honestly if we can help.

Free Diagnostic

The 6 Profiles HVM Scorecard

Twenty-two questions. Six threat archetypes from the published research. A personalised snapshot of which profiles apply to your site and where the protection gap sits.

Benchmark your site →