Security is a core business issue and should be firmly embedded in management systems and processes.  Everyone is responsible for security, not just security specialists. Risk ownership must be unambiguous and aligned with budgetary authority and accountability.  The management of security risk should complement and mirror the application of corporate governance principles.

Risk is defined as “A future uncertain event that could influence the achievement of business objectives and statutory obligations.”  This applies to every area of business activity, including security.  Such risk arises from the random nature of events, imperfect or incomplete knowledge, human behaviour, resource and time constraints, and lack or failure of control systems.  It is assessed concerning likelihood and impact using qualitative and quantitative methods and judgment borne of a group and individual experience.

Within that generic definition, risk has a more specific meaning in the security context.  The security risk is perceived as a threat of compromise to the confidentiality, integrity and availability of assets and is defined as a combination of threat and vulnerability:

Threat means the likelihood of a potentially compromising event taking place.

Vulnerability is the feature or characteristic of an asset that could be exploited in an attack.

Risk Mitigation – To as Low as Reasonably Practicable

In most cases it will not be possible to reduce risk to zero without stopping the operation, changing the way an activity is carried out or placing intolerable financial or obstructive burdens on the business. Therefore, the objective of any risk management programme should be to reduce risk to “as low as reasonably practicable” or ALARP.

Design Basis Threat (DBT)

A fundamental principle of physical protection is that it should be based on the current evaluation of the threat. This evaluation is formalised through a Threat Assessment process. A DBT is derived from this threat assessment. To define the DBT, the set of threat described in the Threat Assessment are refined to take account of other issues and the particular requirements of planning for hostile vehicle mitigation design. To make the transformation from Threat Assessment to DBT, rigorous analysis and decision-making are essential.

Do we need a Design Basis Threat

A hostile vehicle mitigation (HVM) system has a specific objective: to prevent adversaries from successfully breaching the perimeter line and completing a malicious act and thereby achieving their purpose. A clear description of this threat is an essential prerequisite for assured and effective Hostile Vehicle Mitigation.

Ideally, intelligence would provide sufficient information for the specification of design and performance requirements for a Hostile Vehicle Mitigation system to help ensure that this objective is met. However, intelligence is often limited, and threats are inherently dynamic. A Hostile Vehicle Mitigation system designed for today’s threat may not be effective against tomorrow’s threat.

In the absence of a sufficiently detailed and accurate description of the threat, it is difficult to determine with precision the amount of protection that would be appropriate and effective for a given business to prevent unacceptable consequences from an adversary. Given the potentially severe consequences of perimeter line breach and some malicious acts and the high costs of providing Hostile Vehicle Mitigation, uncertainties about the threat are unlikely to be acceptable to a business who are responsible for deciding how much protection is appropriate. Without a well-specified description of the threat, it may be very difficult to determine with confidence whether protection is adequate and sufficient.

The Importance of a Design Basis Threat

The DBT provides a basis for confidence that the Hostile Vehicle Mitigation system developed is appropriate and effective. It provides both a basis for Hostile Vehicle Mitigation design and a consistent criterion for assessing the adequacy of a system. It also provides a baseline standard against which the need for changes in other areas of physical protection can be evaluated. The DBT can permit the customisation of Hostile Vehicle Mitigation systems to address unique features of the business. It can help avoid excessive protection being applied to business while ensuring that business for which a malicious act could result in high consequences get the protection they require.

In this manner, the use of the DBT approach to Hostile Vehicle Mitigation can help to reduce the chance that might otherwise exist in establishing requirements for the physical protection of business under fear, uncertainty or doubt (FUD).

Hostile Vehicle Mitigation – A Risk-Based Performance

To be truly effective, Hostile Vehicle Mitigation must be designed to provide the type of performance necessary to protect against the specific risks faced by the organisation.

When deciding upon Risk-based Performance Requirements, it is important to remember that the objective is to fulfil the agreed Protection Objectives and reduce associated risks to an acceptable level, it is not always possible or desirable to implement the highest level of possible protection, particularly where this is not justified by the level of risk, since this will result in unnecessary expenditure.

It is likely that various levels of performance will emerge by the nature and severity of each risk.

Example 1: One risk may require a building to benefit from an extended stand-off, while another may require a specific product. In this case, the highest level requirement should be taken forward into the design process. However, it is also essential to capture the different types of performance requirements that emerge from different risk scenarios.

Example 2: While two Protection Objectives may require the same level of hostile vehicle mitigation, this could be against very different attack methods (for example entry via ramming versus entry by VBIED).

Risk-based Performance Requirements will provide the element for all subsequent risk mitigation activity, helping to ensure that it is focused and cost-effective, thereby delivering the required level of protection to the Organisation.

Hostile Vehicle Mitigation Selection – The Design Basis Threat

The HVM Should Match the DBT

The DBT should form the basis for determining the kind of vehicle security barrier used. For example, if the DBT identifies organised crime groups, the barrier should be ram resistant, to defend against ram raiding.

If on the other hand, the DBT identifies stationary VBIEDs, the location of the vehicle security barrier should allow for stand-off (distance) between the perimeter line and vulnerable structures inside the site. If the threat is from moving (suicide) VBIEDs intent on driving through the perimeter line, the vehicle security barrier should be tested and certified to PAS68/IWA14 to be able to resist vehicle penetration.

As highlighted in Risk-based Performance, care should be taken not to over protect. It is advisable that the natural inclination of the security professional is to rigorously provide insurmountable obstacles to threats at all possible levels. However, the practical application of this approach is expensive and can adversely affect the operation of the business.

Hostile Vehicle Mitigation Woes

Hostile Vehicle Mitigation design can be commensurate with the built environment and with close consideration of underground services.

Hostile Vehicle Mitigation installation will need to consider the presence of existing underground services as a risk. Striking underground services presents significant dangers to the operatives involved and also the company can incur the cost of repairing the damaged, service, loss of business to those affected and delay the projects in both the time taken to repair the damage and investigate and report the incident.

It is not uncommon to identify underground services at a depth of between 250 – 350mm, especially for telecommunication and data services. In cases such as this, services may need to be rerouted or even removed, however, at great cost. The other alternative is to procure a shallow mount or surface mount HVM system that requires no civil engineering, systems such as Heald’s Matador Range, which can be mounted on the ground or subsurface.

First seen in the February 2017 issue of Risk UK