The Challenge
An over station development was required to satisfy blast design requirements based on an inherited assumption about vehicle-borne explosive threats. Structural hardening to that standard would have imposed significant cost and design constraints. But the assumption had not been tested against the actual access conditions of the building — conditions that fundamentally changed the threat calculus.
Our Approach
Rather than accepting the inherited assumption at face value, Core42 interrogated whether the threat scenario was credible given the building’s specific access configuration. We developed a comprehensive attack tree analysis covering every plausible attack pathway, each scored on a semi-quantitative scale. This structured analysis demonstrated — with traceable, auditable reasoning — that the scenario was not credible. Core42 then built a formal security argument under SFAIRP obligations, establishing a clear and defensible design boundary for protective requirements.
What We Delivered
A terrorism risk assessment with control recommendations, a comprehensive attack tree analysis, and a formal security argument — all delivered within six weeks. The argument was accepted by the relevant regulatory authority.
Why It Matters
This project demonstrates the analytical rigour required to challenge inherited protective design assumptions and build a defensible security argument within a regulated, multi-stakeholder environment. The attack tree methodology is directly transferable to any over station development, mixed-use project above critical infrastructure, or facility under SFAIRP obligations where prescriptive blast requirements appear disproportionate to the assessed threat.