Skip to content

Hostile Vehicle Mitigation (HVM)

This section contains guidance to help practitioners determine the vehicle-borne threat, assess site strengths and vulnerabilities, and identify suitable options for HVM (Hostile Vehicle Mitigation).

Last Updated 23 April 2025
HVM video

Hostile Vehicle Mitigation puts a protective barrier around your site protecting you, your people and your infrastructure. 

The Public Realm Design for HVM video highlights NPSA's guidance on designing public spaces with consideration to HVM.   

Resource This publication provides information and stimulus to those responsible for integrating hostile vehicle mitigation into the public realm
Resource This note introduces Local Authorities, Event organisers, and similar end user groups to using temporary Vehicle Security Barriers (VSBs) as part of a HVM scheme

What is Hostile Vehicle Mitigation?

Hostile Vehicle Mitigation (HVM) is a protective security discipline focussing on reducing risks associated with vehicle borne threats posed by terrorists and criminals. HVM is the delivery of measures that are informed by the threat and how it manifests itself, the multiple consequences of an attack, the vulnerability of a given location and the needs of the enterprise requiring protection. The basis of HVM are security risk assessments, security planning, and design and the deployment of risk-based measures.

Hostile Vehicle Mitigation Measures

HVM measures are the integrated deployment of security processes, procedures and physical obstructions to counter vehicle borne threats. They typically include; deterrent communications, security awareness, incident response planning and training, operational security, traffic management and the deployment of physical obstructions such as vehicle security barriers and traffic calming measures.

Introduction to Vehicle Borne Threats

Vehicle borne threats range from vandalism to sophisticated or aggressive attack by terrorists or determined criminals. Vehicles (such as cars, vans and lorries) are widely available and terrorists have previously gained access to them through a number of means: 

  • Owned: a vehicle is under the attacker's possession
  • Borrowed: a vehicle is lent by an unwitting or complicit associate
  • Leased: a vehicle is hired from a company, using real or fake documentation
  • Stolen: a stationary, unattended (locked or keys in ignition) vehicle is taken
  • Hijacked: an occupied vehicle, parked inside or outside a protected area, is seized.

Terrorists use vehicles in three main ways to enable an attack:

  • Vehicle Borne Improvised Explosive Device (VBIED)
  • Vehicle As a Weapon (VAW)
  • Layered Attack Vehicle - Transporting attackers and/or weapons

During a terrorist attack, the driver is unlikely to comply with the rules of the road. They will: 

  • Traverse over green spaces such as fields, recreational ground, parks
  • Park illegally
  • Ignore traffic signals
  • Drive at speed
  • Drive on the wrong side of the road
  • Mount footways
  • Enter pedestrianised zones

Vehicle Borne Improvised Explosive Device (VBIED)

Police forensic officers inspect the aftermath of a suspected car bomb explosion in Derry, Northern Ireland

An improvised explosive device is either visible or concealed within a vehicle and transported to target.

The effects from a VBIED detonation include the blast, fireball, primary & secondary fragmentation and ground shock.  

The blast stand-off (the distance between the device and the asset) is the most important factor in determining the extent of damage that can be caused. Maximising the blast stand-off distance will reduce the damage sustained to the asset.

Vehicle As a Weapon (VAW)

Police forensics officers work around a silver Ford Fiesta car that was driven into a barrier at the Houses of Parliament in central London Deliberately driving a vehicle:

  • at an individual or into crowds of people to cause harm; or
  • deliberately driving a vehicle into infrastructure to damage or disrupt its operation. This may indirectly lead to harm to people or disruption to the operation of  a site/event, or more widely, critical services or supplies.

Driving a vehicle into crowds is regarded by terrorists as attractive because it is likely to cause multiple casualties, is low complexity, affordable, requires little planning and skill and is perceived as less likely to be detected in the planning phase. 

VAW attacks are frequently the first part of a Layered Attack. The attacks frequently begin on public roads with little or no warning and are often followed by a marauding attack using bladed weapons, firearms or fire as a weapon. 

Layered Attack Vehicle - Transporting attackers and/or weapons

Van used in London Bridge attackA layered attack is a combination of attack types.

The vehicle may:

  • facilitate the delivery of armed attackers, either covertly or overtly; or
  • be combined with a VBIED or VAW attack

Exploits

There are seven exploits terrorists will use to overcome operational and/or physical security measures:

  • Parked: A vehicle may be legitimately or illegally parked close to, or inside the perimeter of, a site or event space. Prior to an attack, a vehicle may be parked repeatedly to create familiarity and may be abandoned for a short or considerable time.
  • Encroachment: A vehicle may exploit gaps in perimeter protection; drive slowly through, or over, what is perceived to be a perimeter; or tailgate legitimate vehicle access through a single-layer Vehicle Access Control Point (VACP).
  • Penetrative: A vehicle may be used at low or high speed to breach security measures. Lower speed attacks may involve the vehicle being aggressively and repetitively rammed against security measures or other obstructions to gain access.
  • Deception: Attackers may forge or steal documentation, lie, or alter the look of their vehicle or themselves to appear legitimate. A ‘Trojan Vehicle’ is a vehicle modified to replicate a legitimate access. An ‘unknowing mule’ is a legitimate driver unknowingly delivers an IEDs, weapons, and/or attackers into a site.
  • Duress/Coercion: A legitimate driver, security officer at a Vehicle Access Control Point (VACP), or other person could be forced to facilitate access to a site. They, or others known to them, may be threatened with violence or placed under undue influence through mental pressure (e.g. bribery or blackmail).
  • Insider: A person with legitimate access willingly facilitates and attack by operating the security measures locally or remotely, managing or issuing access rights or interfering with the security measures.
  • Tamper/Compromise: A cyber or physical attack aiming to alter, weaken, or disable a barrier, while intending to leave no evidence.

Operational Requirements

How do I assess the strengths and vulnerabilities of my site to vehicle-borne threats?

Once the nature of threat is understood, practitioners should take a methodical and  considered approach to determine project objectives and highlight security vulnerabilities:

  • Develop detailed security requirements for HVM - Operational Requirements (OR)
  • User Requirement Document (URD) if not covered in the detailed requirements - addressing additional business needs e.g. stakeholder liaison, planning and design
  • Practical site assessment - a detailed review of vulnerabilities and opportunities in the environment, operational and physical security measures.
  • Technical assessment - e.g. Vehicle Dynamics Assessment (VDA) at specific locations based on the relevant threat vehicle(s)
  • Liaison with technical or security experts - e.g. NPSA or CTSAs, or RSES professionals with relevant experience.

How can I reduce the vulnerability of my site and mitigate vehicle-borne threats?

Based on the project objectives and site assessment, a range of options can be incorporated into the design of a robust HVM strategy:

  • Principles of hostile vehicle mitigation - determine the aims of the HVM strategy and how it will integrate with other site security measures.
  • Traffic calming - can be used to limit vehicle approach speeds to a manageable level.
  • Vehicle Security Barriers (VSB) -  provide proven vehicle impact protection and maintain blast stand-off.
  • Traffic management - when and how legitimate traffic will access the site.
  • Vehicle access control - consider deployment of active VSB solutions, access procedures, long term operational management and emergency access.

Standards, Testing and Products

What vehicle impact test standards should I be using?

NPSA recommend that a barrier deployed for the purposes of countering terrorism to protect assets against vehicle-borne threats should be a 'Rated Vehicle Security Barrier' that has undergone formal vehicle impact testing. The testing should:

  • be conducted to a recognised vehicle impact test standard
  • be performed at an independent test house
  • achieve a performance rating in accordance with the chosen standard

NPSA have also developed an additional standard for testing: Vehicle Attack Delay Standard (VADS). VADS provides a means for testing Vehicle Security Barriers (VSBs) against aggressive and repetitive vehicle impacts- more information can be found on the HVM Standards blog.

Hostile Vehicle Mitigation Project Cycle

Design

A HVM scheme needs to be designed before it is installed.  Implementing the Operational Requirements into a scheme design will increase the likelihood of it mitigating the vehicle threat and it being incorporated into the site or event's normal operations.  

Understanding the capabilities and limitations of individual products and schemes is vital before they are procured.  This includes ensuring they are installed correctly, to maximise the vehicle resistance, and making them intuitive to operate; this will make them safer and more secure.

Build

Once a scheme design has been completed it is important to ensure it is built as per instruction.  This will maximise the vehicle resistance.  A poor build phase may create vulnerabilities in the scheme that cannot easily be detected afterwards.  Due care and attention must be given during installations to ensure products are not installed incorrectly.

Operate

When the scheme is up and running it is important to keep it well maintained. Failure to do so will inevitably lead to products breaking down. This will likely impact the operability of the site or event and may create vulnerabilities that can be exploited by a hostile vehicle or make the product dangerous.  Regular servicing will flag issues before they turn into serious problems.

Public Realm Integration

Integration of HVM measures within the public realm is increasingly common and whilst requiring the application of informed design choices meeting the needs of numerous stakeholders, can provide proportionate security measures without impinging on the needs of local businesses or functionality of the public space.

In addition to the publication of a public realm design guide for HVM, NPSA has collaborated with the Department for Transport to produce guidance regarding the incorporation of HVM measures in the public space and specific advice on the use of bollards and their effect on pedestrian movement.

Anti-Terrorism Traffic Regulation Order

An ATTRO provides a statutory basis under the Road Traffic Regulation Act 1984 (RTRA) for regulating traffic and implementing physical security measures to: 

  • avoid or reduce, or reduce the likelihood of, danger connected with terrorism; and
  • prevent or reduce damage connected with terrorism, where terrorism is as defined in the Terrorism Act 2000. 

ATTROs may be permanent or temporary and can only be made by a traffic authority on the recommendation of a Chief Officer of Police.

ATTROs can:

  • provide for the installation of permanent vehicle control measures;
  • provide for the installation of temporary vehicle control measures;
  • provide for the installation of permanent vehicle control measures for later use, for example at times of raised threat or for specific events. These measures may include, for example, the installation of rising security bollards around a city centre used only when a secure conference was being hosted, i.e. whilst the bollard installation is permanent, its use is temporary;
  • enable the commencement, suspension or resumption of provisions. The provisions also allow for the discretion of a Constable to apply, or not to apply, a provision of an ATTRO;
  • prohibit parking on a road, for example near a vulnerable site;
  • restrict pedestrian access to premises in roads affected.

In all cases where a recommendation for an ATTRO is to be made, the Chief Officer of Police should seek advice from their Counter Terrorism Security Advisor (CTSA) and major event planner with Hostile Vehicle Mitigation experience.

Early liaison between the police and the traffic authority will help in developing an effective and acceptable proposal that balances the needs of security with the impact on local residents, local businesses and road users.

Did you find this page useful? Yes No