Badhbh Security Engineering

Security engineering is not a product. It is the application of professional engineering discipline — threat analysis, structural assessment, system integration, and standards-referenced design — to the protection of people, assets, and critical infrastructure. Badhbh delivers that discipline, built on operational experience in environments where security engineering failures have consequences measured in lives. Our team holds Chartered Engineer qualifications and has accumulated operational experience across nine international deployments including Lebanon, Syria, the Democratic Republic of Congo, Kosovo, and Chad. We bring the same analytical rigour and primary source discipline to client engagements that is evident in our Operational Analysis paper series — the only open-source technical analysis of its kind in the Irish security engineering space.

Our Services

Threat and Risk Analysis: We conduct structured threat assessments using the CARVER methodology (Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognisability) — the analytical framework adopted by DHS for critical infrastructure vulnerability assessment. Our assessments identify specific threat actors by tier, characterise attack methods by technique and aim point, and produce a prioritised vulnerability score that directly drives the countermeasure specification. Risk assessments are produced against ISO 31000:2018 and comply with the all-hazards assessment requirements of CER Directive S.I. 559/2024 and NIS2 Article 21.

Physical Security Engineering and Design: From concept through construction, we design Physical Protection Systems to ASIS PSC.1-2012 and NIST SP 800-53 Rev 5 standards. Our designs address the complete threat typology: vehicle-borne IED and standoff vehicle attack (ISO 22343-1:2023 rated HVM specification); pedestrian-borne explosive device; drone-delivered payload; physical intrusion; and insider threat. Every design is anchored to a risk assessment basis and specifies countermeasures with primary source performance data — no generic best practice, no unsourced statistics.

Hostile Vehicle Mitigation: We specify and oversee the installation of ISO 22343-1:2023 rated vehicle security barriers for public spaces, transport infrastructure, critical national infrastructure, and commercial facilities. ISO 22343-1:2023 replaced PAS 68 and IWA 14-1 in September 2023; from 1 March 2024 the NPSA recognises only ISO 22343-1:2023 for new product certification. Our specifications reference the current standard, cite the NPSA Catalogue of Security Equipment, and address approach road geometry alongside barrier selection — because a barrier specification without approach geometry does not address above-envelope vehicle threats.

OT and SCADA Security Architecture: We design and specify defence-in-depth architectures for operational technology environments to IEC 62443-3-3 Security Level 2 — the minimum standard required for water, energy, and transport OT under NIS2 Article 21. Our architecture addresses the confirmed Volt Typhoon and Sandworm threat models: hardware-enforced IT-OT boundary (data diode or hardware security gateway), zero-standing-access vendor management, OT behavioural baselining, OT-specific network monitoring, and protocol authentication extensions for DNP3 and IEC 60870-5-104. We specify named products from established vendors including Claroty, Nozomi Networks, Dragos, Waterfall Security Solutions, Genetec, Axis, and FLIR — not generic architecture diagrams.

Explosive Blast and Weapons Effects Analysis: We conduct structural vulnerability assessments using the Kingery-Bulmash blast engineering methodology validated in UFC 3-340-02 (US Army Corps of Engineers) and ASCE/SEI 59-11. Our assessments calculate overpressure and impulse loading for defined charge weights at defined standoff distances, assess structural response using SDOF analysis, and specify protective glazing to EN 13541:2012 performance classification. We assess above-ground and vehicle-delivered threats, and provide cost-proportionate hardening recommendations referenced to documented incident data.

Critical Infrastructure Protection: We provide CNI security assessments, protection designs, and resilience plans for energy, water, transport, and digital infrastructure operators. Our work is grounded in the regulatory requirements of CER Directive S.I. 559/2024 (transposed into Irish law), NIS2 Directive (EU) 2022/2555, and the Cyber Resilience Act (EU) 2024/2847. We understand the obligations these instruments create for Irish operators — Article 12 all-hazards risk assessment, Article 13 proportionate resilience measures, Article 23 incident notification — and produce documentation that is defensible under regulatory scrutiny, not merely formatted to look compliant.

Electronic Security Systems: We specify integrated electronic security systems to the standards that govern performance: CCTV to BS EN 62676-4:2015 grade specification (Detection, Observation, Recognition, Identification); access control to NERC CIP-006-6 and NIST SP 800-53 PE-3; perimeter detection including thermal imaging, fibre-optic distributed acoustic sensing, and radar. Our technology relationships include Axis Communications, FLIR (Teledyne), Genetec, and HID. System integration is specified through Genetec Security Centre PSIM — not as a point product recommendation but as the integration layer that makes cross-system correlation possible and the time equation of Protection-in-Depth solvable.

Counter-UAS Assessment and Architecture: We assess the UAS threat to specific sites, design counter-UAS detection architectures (radar, RF, acoustic, electro-optical sensor fusion to Genetec PSIM), and advise on the Irish legislative constraints on active defeat capability under the Wireless Telegraphy Acts. Our counter-UAS architecture is specified around the 33-second decision window — the binding constraint between detection and impact that determines whether any response is operationally useful — not around equipment feature lists.

Security Master Planning: For large-scale facilities, campuses, and infrastructure programmes, we produce Security Master Plans that provide the long-term protective security framework within which individual project security designs are developed. Master plans establish the zone architecture, the threat assessment basis, the design standards applicable to each zone boundary, the technology platform strategy, and the capital investment programme. They are designed to integrate with the facility's overall capital programme rather than as standalone security documents.

Business Continuity and Resilience Planning: We develop business continuity plans aligned with ISO 22301:2019, with specific attention to the cascade failure scenarios that CNI operators face — the upstream dependencies (power, gas, telecommunications) whose failure prevents the operator from recovering their own systems. Our resilience planning addresses the time constants of the confirmed threat environment: ransomware dwell and detonation (eight weeks at HSE), subsea cable repair (six weeks to six months), transformer replacement (12-18 months). Plans are tested through tabletop and live exercises to ISO 22301:2019 Clause 8.4.4 requirements.

Why Badhbh

Operational record: Nine international deployments. Chartered Engineer. Fellow of Engineers Ireland. School Commandant, School of Military Engineering, Defence Forces Training Centre. The analysis we produce for clients is grounded in the same primary source discipline and engineering rigour as the Operational Analysis paper series — publicly visible at badhbh.co.

Standards referenced throughout: Every service we deliver is referenced to the governing standard. ISO 31000:2018 for risk management. IEC 62443-3-3 for OT security architecture. ISO 22343-1:2023 for HVM specification. UFC 3-340-02 for blast analysis. EN 13541:2012 for blast glazing. BS EN 62676-4:2015 for CCTV performance. Standards compliance is not a marketing claim — it is the basis on which every design decision is documented and defended.

Vendor-neutral and Irish-owned: We have technical relationships with leading manufacturers — Axis, FLIR, Genetec, HID, Eagle Automation — but our specifications are driven by your threat assessment and your site requirements, not by any vendor's commercial interests. Badhbh is wholly Irish-owned with no equity ties to any technology supplier or platform provider.

Technology used where it adds value: Where analytical tools — including AI-assisted analysis — improve the speed or precision of our work, we use them. Where they do not, we do not. Our analytical output is always reviewed, verified, and accountable to a named Chartered Engineer. The engineering judgement is ours.