Dr Kimberly Tam

Biography

I am currently a lecturer in cybersecurity and researching maritime cybersecurity around ship IT/OT/IoT security, port security, autonomous vessels, and offshore structures (e.g. renewable energy). I still continue to do some research on smartphone security through my master students.

Qualifications

Education:

Ph.D. (2016) in Information Security, Royal Holloway University of London, UK
B.S. (2012) in Computer and System Engineering, Rensselaer Polytechnic Institute, USA

Previous Positions:

2017-2019. Research Fellow University of Plymouth in Maritime Cyber Security
2015-2017. Research Engineer, Security and Manageability Lab, Hewlett-Packard Enterprise, Bristol, UK
Summer 2014. Research Engineering Intern. Malware Lab, Hewlett-Packard Enterprise, Bristol, UK
Summer 2012. Cyber Security Intern. MIT Lincoln Laboratory, Massachusetts, USA
Summer 2011. Cyber Security Researcher. James A Clark, Univeristy of Maryland, Maryland, USA
Summer 2010. Engineering Intern. Sandia National Laboratories, Livermore, CA, USA

Professional membership

Fellow of The Higher Education Academy (PGCAP/PDAP 2019)

Teaching

Teaching interests

Interested in teaching cyber-security related areas as well as computer systems and engineering.

Teaching in 2021/2022 (*module leader, +co-teaching)

COMP3000 Final year projects

COMP3000HK Final year projects for students in Hong Kong

PRCO304HK Final year projects for students in Hong Kong

COMP3010+ Security Operations & Incident Management

COMP5002+ Master's level Security Operations & Incident Management

COMP5007* Cyber-Physical Systems Security

SEC303HK* Incident Prevention, Detection & Response taught in Hong Kong

PROJ518MSc Dissertation and Research Skills for MSc Cyber Security at UoP

Teaching in 2020/2021 (*module leader)

COMP3000 Final year projects

COMP3010* Security Operations & Incident Management

COMP5002* Master's level Security Operations & Incident Management

COMP5007* Cyber-Physical Systems Security

PROJ518MSc Dissertation and Research Skills for MSc Cyber Security at UoP

SEC203HK* Second year projects taught in Hong Kong

SEC303HK* Incident Prevention, Detection & Response taught in Hong Kong

CNET349SL* Incident Prevention, Detection & Response taught in NSBM Sri Lanka

Teaching before 2020 (*module leader)

CNET349SL* Incident Prevention, Detection & Response (x2), taught in NSBM Sri Lanka

SEC204* Computer Architecture and Low Level Programming (Module Leader)

SEC204HK second year projects also taught at HKU Space partners in Hong Kong

PRCO204 Second year project

PRCO304 Final year projects

Research

Research interests

I am interested in many of the "newer" niche areas of cybersecurity. My PhD was focused around smartphone security (Android) and my current research is on maritime, which broadly includes IT, OT, and human elements. I enjoy working with other disciplines outside of computting including (but not limited to), maritime, psychology, history, statistics, gaming, robotics, and (homomorphic) cryptography.

https://www.linkedin.com/in/tamk3/

Research degrees awarded to supervised students

Currently supervising 7 Research Fellows / Research Asssistants across four projects, and seven PhD students (2 international). As of 2022, 3 RF/RAs have moved on to new and exciting opportunities. I've had three visiting researchers from China, Turkey, and Norway, and I've hosted summer work experience stays.

Grants & contracts

EU H2020 Cyber-MAR

Cyber-MAR will develop simulation environment for maritime logistics, combining a knowledge-based platform and decision support tool, incorporating novel risk analysis and econometric models. 13 Maritime logistics organizations will increase cyber-awareness and validate their business continuity management in a 6 Million Euro Project of which 650K Euro will go to Plymouth. I am a named Co-I on this project. (3 RAs + 1 Project Admin Assistant)

RED Cyber-SHIP Lab

Aiming to create the next generation of cybersecurity reserach in maritime by recreating a ship's bridge in a lab enviroment (hardware testbed). This lab takes into account both technological and human behavioural aspects in order to effectively mitigate threats, especially considering the huge variation in vessel types, which can be subjected to cyber-attacks in differing ways for differing motivations. The £3million Cyber-SHIP Lab, is supported by funding from Research England, part of UK Research and Innovation, and industry, as well as industry donations in equipment and time. I am a named Co-I and acadmic lead. (3 RAs/RFs + 1 Project Admin Assistant + 1 Project manager + 1 Marketing and Communications Officer)

MARI-UK & Cyber-ASAP for MaCRA [same project, 3 separate bids]

Working on creating a software product based on MaCRA publication which won the 2021 Lloyd's Science of Risk Prize. MaCRA aims to be a risk assessment product for the maritime sector based on academic outputs. Funding from multiple sources to develop software, evaluate market, and reach out to potential customers. Research into assessing risks for the maritime sector (MaCRA) has received £200k from MaRi-UK and £31k total from CyberASAP to develop a product for the industry. With CyberASAP phase one complete, the team was invited to apply for phase 2 funding for £58k, an opportunity only extended to 14 of the 300+ phase one applicants. This also won at the 2021 NCSC Cyber Den compeition run as part of the UK government’s flagship cyber security event, CYBERUK . We aquired an additional £10,000 for covid relief funds from Cyber-ASAP. I am a Co-I on all projects and the Science Offcer for the spin out company selling MaCRA. USA patent pending. (managed several third party software developers)

Protecting space assets - Learning integrity through AI cyber defence

GemaSecure, in association with Southampton and Plymouth universities, are researching the protection and correct operation of AI and ML algorithms for the space sector, its consumers and asset operators. This work will allow for the safe operation of AI and ML in space assets and associated terrestrial communications devices ensuring a secure future for space, maritime, port authorities, smart cities, renewable energy, automotive and autonomous vehicles and other consumers of public and private satellite communications services. This is a short 6 month project worth £153k funded by SPRINT. I am Plymouth PI for this project. (2 RFs)

SPF policy engagement

Working with the Department of Transportation, we wrote a white paper for future smart/free ports of the UK: 10.13140/RG.2.2.12315.54564

SAIMAS: Secure AI within Marine Autonomy Systems

This project proposes to do vulnerability analysis on the use of AI to detect objects in our ports and borders. In particular, what security-vulnerabilities new AIs being developed may have, but also dangerous assumptions that may be made when transferring AIs designed for one purpose (e.g., detecting fish species) and repurposed for another (e.g., mine detection). The re-use case deviates from the stages in the NCSC Principles for the security of machine learning, where the prerequisites in and considerations in stage one are different from the context the AI eventually is used in the later stages.

Consulting: While details are under NDA, I have done a range of consulting jobs across cybersecurity subjects and will occationally take on these types of contracts under UoPEL. I have also consulted the Bank of England on their 2022 Stress Test.

Publications

Key publications

Conference Papers

Kimberly Tam, Kemedi Moara-Nkwe, Kevin Jones "A Conceptual Cyber-Risk Assessment of Port Infastructure" World of Shipping Portugal, An International Research Conference on Maritime Affairs 2020

SK Dash, G Suarez-Tangil, S Khan, K Tam, M Ahmadi, J Kinder, Droidscribe: Classifying android malware based on runtime behavior 2016 IEEE Security and Privacy Workshops (SPW), 252-261

Kimberly Tam, Kevin D Jones " A Cyber-Security Review of Emerging Technology in the Maritime Industry " International Conference of Maritime Science & Technology NAŠE MORE 2019/10/17

Enhanced Transparency: Improving Maritime Cyber Governance. R Hopcraft, K Tam, K Moara-Nkwe, K Jones. MARESEC 2021.

The Development of a Cyber Safety Culture. R Hopcraft, K Tam, K Moara-Nkwe, K Jones. ErgoSHIP 2021

Palbar Misas JD, Hopcraft R & Tam K (2022) 'Future of Maritime Autonomy: Cybersecurity, Trust and Mariner's Situation Awareness' International Ship Control Systems Symposium 2022 , DOI Open access

Hopcraft R, Vineetha Harish A, Tam K & Jones KD (2022) 'Raising the Standard of Maritime Voyage Data Recorder Security' CyberSHIP Annual Symposium 2022 0-/-1/20220-/-1/2022Open access

Ross JAJ, Tam K, Walker DJ & Jones KD (2022) 'Towards a Digital Twin of a Complex Maritime Site for Multi-Objective Optimization' 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon) 5-/-0/20226-/-0/2022IEEE , DOI

Hopcraft R, Tam K, Moara_Nkwe K & Jones K (2021) 'The Development of a Cyber Safety Culture' ErgoSHIP 2021 9-/-0/20219-/-0/2021100-110 Publisher Site Open access

Hopcraft R, Tam K, Moara-Nkwe K & Jones K (2021) 'Enhanced Transparency: Improving Maritime Cyber Governance' MARESEC 2021 6-/-0/20216-/-0/2021Publisher Site Open access

Tam K, Moara-Nkwe K & Jones K (2021) 'A Conceptual Cyber-Risk Assessment of Port Infastructure' World of Shipping Portugal, An International Research Conference on Maritime Affairs Open access

Pozdniakov K, Alonso E, Stankovic V, Tam K & Jones K (2020) 'Smart Security Audit: Reinforcement Learning with a Deep Neural Network Approximator' IEEE Cyber Science Open access

Tam K, Forshaw K & Jones K (2019) 'Cyber-SHIP: Developing Next Generation Maritime Cyber Research Capabilities' International Conference on Marine Engineering and Technology Oman , DOI Open access

Tam K & Jones K (2019) 'Factors Affecting Cyber Risk in Maritime' 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) 6-/-0/20196-/-0/2019IEEE , DOI Open access

Tam K & Jones K (2019) 'Forensic Readiness within the Maritime Sector' 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) 6-/-0/20196-/-0/2019IEEE , DOI Open access

Tam K & Jones K (2018) 'Cyber-Risk Assessment for Autonomous Ships' Cyber Security Glasgow 6-/-0/20186-/-0/2018IEEE Open access

Suarez-Tangil G, Dash SK, Ahmadi M, Kinder J, Giacinto G & Cavallaro L (2017) 'DroidSieve' CODASPY '17: Seventh ACM Conference on Data and Application Security and Privacy ACM , DOI

Dash SK, Suarez-Tangil G, Khan S, Tam K, Ahmadi M, Kinder J & Cavallaro L (2016) 'DroidScribe: Classifying Android Malware Based on Runtime Behavior' 2016 IEEE Security and Privacy Workshops (SPW) 5-/-0/20165-/-0/2016IEEE , DOI Open access

Tam K, Khan S, Fattori A & Cavallaro L (2015) 'CopperDroid: Automatic Reconstruction of Android Malware Behaviors' Network and Distributed System Security Symposium 1-15 , DOI

Tam K, Edwards N & Cavallaro L (2015) 'Detecting android malware using memory image forensics' Engineering Secure Software and Systems (ESSoS) Doctoral Symposium

Vineetha Harish A, Tam K & Jones K 'Investigating the Security and Accessibility of Voyage Data Recorder Data using a USB attack' CYBER 2022 : The Seventh International Conference on Cyber-Technologies and Cyber-Systems Open access

Gurren J, Harish AV, Tam K & Jones K 'Security Implications of a Satellite Communication Device on Wireless Networks Using Pentesting' Kevin Jones

Key publications are highlighted

Journals

Tam K, Jones K. "Situational Awareness: Examining Factors that Affect Cyber-Risks in the Maritime Sector" International Journal On Cyber Situational Awareness (IJCSA). 2019 ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182 DOI: 10.22619/IJCSA

Tam K, Jones K. "MaCRA: A Model-Based Framework for Maritime Cyber-Risk Assessment", WMU Journal of Maritime Affairs, 2019. DOI:10.1007/s13437-019-00162-2

Tam K, Jones K. "Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping". Journal of Cyber Policy, Accepted 03 Aug 2018, Published online: 29 Aug 2018 DOI:10.1080/23738871.2018.1513053

Kimberly Tam, Ali Feizollah, Nor Badrul Anuar, Rosli Salleh, and Lorenzo Cavallaro. "The Evolution of Android Malware and Android Analysis Techniques". ACM Computing Surveys (CSUR), 49(4), 2017. DOI: 10.1145/3017427

Articles

Tam K, Walter M, Barrett A & Walker D (2023) 'Adversarial AI Testcases for Maritime Autonomous Systems' AI, Computer Science and Robotics Technology , DOI

Erstad E, Hopcraft R, Vineetha Harish A & Tam K (2023) 'A human-centred design approach for the development and conducting of maritime cyber resilience training' WMU Journal of Maritime Affairs , DOI

Söner Ö, Kayisoglu G, Bolat P & Tam K (2023) 'Cybersecurity risk assessment of VDR' Journal of Navigation 1-18 , DOI

Hopcraft R, Vineetha Harish A, Tam K & Jones K (2023) 'Raising the Standard of Maritime Voyage Data Recorder Security' Journal of Marine Science and Engineering , DOI Open access

Tam K, Chang B, Hopcraft R, Moara-Nkwe K & Jones K (2023) 'Quantifying the econometric loss of a cyber-physical attack on a seaport' Frontiers in Computer Science 4, , DOI Open access

Kayisoglu G, Bolat P & Tam K (2022) 'Evaluating SLIM-based human error probability for ECDIS cybersecurity in maritime' Journal of Navigation , DOI

Hopcraft R, Tam K, Dorje Palbar Misas J, Moara-Nkwe K & Jones K (2022) 'Developing a maritime cyber safety culture: Improving safety of operations' Maritime Technology and Research 5, (1) 258750-258750 , DOI Open access

Visky G, Lavrenovs A, Orye E, Heering D & Tam K (2022) 'Multi-Purpose Cyber Environment for Maritime Sector' International Conference on Cyber Warfare and Security 17, (1) 349-357 , DOI Open access

Tam K, Hopcraft R, Moara-Nkwe K, Misas JP, Andrews W, Harish AV, Giménez P, Crichton T & Jones K (2021) 'Case Study of a Cyber-Physical Attack Affecting Port and Ship Operational Safety' Journal of Transportation Technologies 12, 1-27 , DOI Open access

Tam K, Hopcraft R, Crichton T & Jones K (2021) 'The potential mental health effects of remote control in an autonomous maritime world' Journal of International Maritime Safety, Environmental Affairs, and Shipping 5, (2) 51-66 , DOI Open access

Tam K, Moara-Nkwe K & Jones K (2020) 'The Use of Cyber Ranges in the Maritime Context' Maritime Technology and Research 3, (1) , DOI Open access

Tam K & Jones KD (2019) 'Situational Awareness: Examining Factors that Affect Cyber-Risks in the Maritime Sector' International Journal on Cyber Situational Awareness 4, (1) 40-68 , DOI Open access

Tam K & Jones K (2019) 'MaCRA: a model-based framework for maritime cyber-risk assessment' Wmu Journal of Maritime Affairs , DOI Open access

Tam K & Jones K (2018) 'Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping' Journal of Cyber Policy 3, (2) , DOI Open access

Tam K, Feizollah A, Anuar NB, Salleh R & Cavallaro L (2017) 'The Evolution of Android Malware and Android Analysis Techniques' ACM Computing Surveys 49, (4) 1-41 , DOI Open access

Jones KD, Tam K & Papadaki M (2016) 'Threats and Impacts in Maritime Cyber Security' Engineering & Technology Reference Publisher Site Open access

Erstad E, Hopcraft R, Palbar JD & Tam K 'CERP: A Maritime Cyber Risk Decision Making Tool' TransNav: International Journal on Marine Navigation and Safety of Sea Transportation

Presentations and posters

Tam K & Jones K Tam K & Jones K 'A Cyber-Security Review of Emerging Technology in the Maritime Industry'

Other Publications

K Tam, N Edwards, L Cavallaro "Detecting Android malware using memory image forensics" Engineering Secure Software and Systems (ESSoS) Doctoral Symposium 2015 [ResearchGate]

[Thesis] Analysis and Classification of Android Malware 2016 [ResearchGate]

Personal

Reports & invited lectures

Department of International Trade (DIT) Marine Cyber Security Demo, Cyber-SHIP, 2nd March 2022

UK Marine Autonomous Systems Regulatory Working Group Meeting Jan 2022: https://app.swapcard.com/event/maritime-autonomous-systems-regulatory-conference-2022

Supergen ORE research group chat: Cyber security in Critical National Infrastructure Nov 8th

Cyber-SHIP 2021 Annual Symposium Oct 21&22, organiser but also speaker for 2 panels.

MRS (Maritime Risk Symposium) 2021 International programme committee and speaker

https://nmiotc.nato.int/wp-content/uploads/2021/09/NMIOTC-5th-Cyber-Security-Conference-Tentative-Agenda-7-Sep-21.pdf

DefCon Hack the Sea. August 21 2021. https://hackthesea.org/schedule-2021/

WEBINAR: Naval Autonomy, AI and Human Factors. July 15th 2021. https://www.imarest.org/events/category/webinar-naval-autonomy-ai-and-human-factors

Emerging Challenges in Cybersecurity (BCS) June 24th 2021, https://community.computingatschool.org.uk/events/9265

Cyber-SHIP lab Research Festival June 2021: https://www.plymouth.ac.uk/research/plymouth-research-festival/2021-cyber-ship-lab

NATO ASW Conference April 2021

Where port security meets  cyber  security (Riviera) August 4 2020. https://www.rivieramm.com/webinar-library/cyber-security/where-port-security-meets--cyber--security

"Digital perils and risks at sea" The Insurance Institute of London (Old Library, Lloyd's) 04 February 2020.

Marine Tech Expo 2018. https://www.linkedin.com/pulse/marine-tech-expo-day-1-summary-chris-girdlestone

Tam K, 6th Annual Industrial Control Cybersecurity Europe, London October 2019, panel.

Presented at the UK embassy in Athens Greece on maritime cyber-security [Hellenic Shipping News link] March 2019

Maritime Cyber Threats and Awareness Symposium, CyMar London 2 November 2018

Identifying Cyber-Threats, Devonport Naval Base Engineering & Science Forum, June 2018

Jones K, Tam K. UK Security Expo 2017, Maritime & Transport security Conference. November 2017

Conferences organised