Dr Kimberly Tam
Profiles

Dr Kimberly Tam

Lecturer in Cyber Security

School of Engineering, Computing and Mathematics (Faculty of Science and Engineering)

Biography

Biography

I am currently a lecturer in cybersecurity and researching maritime cybersecurity around ship IT/OT/IoT security, port security, autonomous vessels, and offshore structures (e.g. renewable energy). I still continue to do some research on smartphone security through my master students.

Qualifications

Education:
  • Ph.D. (2016) in Information Security, Royal Holloway University of London, UK 
  • B.S. (2012) in Computer and System Engineering, Rensselaer Polytechnic Institute, USA
Previous Positions:
  • 2017-2019. Research Fellow University of Plymouth in Maritime Cyber Security
  • 2015-2017. Research Engineer, Security and Manageability Lab, Hewlett-Packard Enterprise, Bristol, UK
  • Summer 2014. Research Engineering Intern. Malware Lab, Hewlett-Packard Enterprise, Bristol, UK
  • Summer 2012. Cyber Security Intern. MIT Lincoln Laboratory, Massachusetts, USA
  • Summer 2011. Cyber Security Researcher. James A Clark, Univeristy of Maryland, Maryland, USA
  • Summer 2010. Engineering Intern. Sandia National Laboratories, Livermore, CA, USA

Professional membership

Fellow of The Higher Education Academy (PGCAP/PDAP 2019) 

Teaching

Teaching

Teaching interests

Interested in teaching cyber-security related areas as well as computer systems and engineering.

Teaching in 2021/2022  (*module leader, +co-teaching)
COMP3000 Final year projects
COMP3000HK  Final year projects for students in Hong Kong
PRCO304HK   Final year projects for students in Hong Kong
COMP3010+  Security Operations & Incident Management
COMP5002+ Master's level Security Operations & Incident Management
COMP5007* Cyber-Physical Systems Security
SEC303HK* Incident Prevention, Detection & Response taught in Hong Kong
PROJ518MSc Dissertation and Research Skills for MSc Cyber Security at UoP

Teaching in 2020/2021 (*module leader)
COMP3000 Final year projects
COMP3010*  Security Operations & Incident Management
COMP5002*  Master's level Security Operations & Incident Management
COMP5007*  Cyber-Physical Systems Security 
PROJ518MSc Dissertation and Research Skills for MSc Cyber Security at UoP
SEC203HK*  Second year projects taught in Hong Kong
SEC303HK* Incident Prevention, Detection & Response taught in Hong Kong 
CNET349SL* Incident Prevention, Detection & Response taught in NSBM Sri Lanka

Teaching before 2020 (*module leader)
CNET349SL* Incident Prevention, Detection & Response (x2), taught in NSBM Sri Lanka
SEC204* Computer Architecture and Low Level Programming (Module Leader)
SEC204HK second year projects also taught at HKU Space partners in Hong Kong
PRCO204 Second year project
PRCO304 Final year projects  

Research

Research

Research interests

I am interested in many of the "newer" niche areas of cybersecurity. My PhD was focused around smartphone security (Android) and my current research is on maritime, which broadly includes IT, OT, and human elements. I enjoy working with other disciplines outside of computting including (but not limited to), maritime, psychology, history, statistics, gaming, robotics, and (homomorphic) cryptography.

https://www.linkedin.com/in/tamk3/

Research degrees awarded to supervised students

Currently supervising 7 Research Fellows / Research Asssistants across four projects, and seven PhD students (2 international). As of 2022, 3 RF/RAs have moved on to new and exciting opportunities. I've had three visiting researchers from China, Turkey, and Norway, and I've hosted summer work experience stays.

Grants & contracts

EU H2020 Cyber-MAR

Cyber-MAR will develop simulation environment for maritime logistics, combining a knowledge-based platform and decision support tool, incorporating novel risk analysis and econometric models. 13 Maritime logistics organizations will increase cyber-awareness and validate their business continuity management in a 6 Million Euro Project of which 650K Euro will go to Plymouth. I am a named Co-I on this project. (3 RAs + 1 Project Admin Assistant)

RED Cyber-SHIP Lab

Aiming to create the next generation of cybersecurity reserach in maritime by recreating a ship's bridge in a lab enviroment (hardware testbed). This lab takes into account both technological and human behavioural aspects in order to effectively mitigate threats, especially considering the huge variation in vessel types, which can be subjected to cyber-attacks in differing ways for differing motivations. The £3million Cyber-SHIP Lab, is supported by funding from Research England, part of UK Research and Innovation, and industry, as well as industry donations in equipment and time. I am a named Co-I and acadmic lead. (3 RAs/RFs + 1 Project Admin Assistant + 1 Project manager + 1 Marketing and Communications Officer)

MARI-UK & Cyber-ASAP for MaCRA [same project, 3 separate bids]
Working on creating a software product based on MaCRA publication which won the 2021 Lloyd's Science of Risk Prize. MaCRA aims to be a risk assessment product for the maritime sector based on academic outputs. Funding from multiple sources to develop software, evaluate market, and reach out to potential customers. Research into assessing risks for the maritime sector (MaCRA) has received £200k from MaRi-UK and £31k total from CyberASAP to develop a product for the industry. With CyberASAP phase one complete, the team was invited to apply for phase 2 funding for £58k, an opportunity only extended to 14 of the 300+ phase one applicants. This also won at the 2021 NCSC Cyber Den compeition run as part of the UK government’s flagship cyber security event, CYBERUK . We aquired an additional £10,000 for covid relief funds from Cyber-ASAP. I am a Co-I on all projects and the Science Offcer for the spin out company selling MaCRA. USA patent pending. (managed several third party software developers)

Protecting space assets - Learning integrity through AI cyber defence
GemaSecure, in association with Southampton and Plymouth universities, are researching the protection and correct operation of AI and ML algorithms for the space sector, its consumers and asset operators. This work will allow for the safe operation of AI and ML in space assets and associated terrestrial communications devices ensuring a secure future for space, maritime, port authorities, smart cities, renewable energy, automotive and autonomous vehicles and other consumers of public and private satellite communications services. This is a short 6 month project worth £153k funded by SPRINT. I am Plymouth PI for this project. (2 RFs)

SPF policy engagement 
Working with the Department of Transportation, we wrote a white paper for future smart/free ports of the UK: 10.13140/RG.2.2.12315.54564


SAIMAS: Secure AI within Marine Autonomy Systems
This project proposes to do vulnerability analysis on the use of AI to detect objects in our ports and borders. In particular, what security-vulnerabilities new AIs being developed may have, but also dangerous assumptions that may be made when transferring AIs designed for one purpose (e.g., detecting fish species) and repurposed for another (e.g., mine detection). The re-use case deviates from the stages in the NCSC Principles for the security of machine learning, where the prerequisites in and considerations in stage one are different from the context the AI eventually is used in the later stages.

Consulting: While details are under NDA, I have done a range of consulting jobs across cybersecurity subjects and will occationally take on these types of contracts under UoPEL. I have also consulted the Bank of England on their 2022 Stress Test.

Publications

Publications

Key publications

Conference Papers

Kimberly Tam, Kemedi Moara-Nkwe, Kevin Jones "A Conceptual Cyber-Risk Assessment of Port Infastructure" World of Shipping Portugal, An International Research Conference on Maritime Affairs 2020

SK Dash, G Suarez-Tangil, S Khan, K Tam, M Ahmadi, J Kinder, Droidscribe: Classifying android malware based on runtime behavior 2016 IEEE Security and Privacy Workshops (SPW), 252-261

Kimberly Tam, Kevin D Jones " A Cyber-Security Review of Emerging Technology in the Maritime Industry " International Conference of Maritime Science & Technology NAŠE MORE  2019/10/17

Enhanced Transparency: Improving Maritime Cyber Governance. R Hopcraft, K Tam, K Moara-Nkwe, K Jones. MARESEC 2021.

The Development of a Cyber Safety Culture. R Hopcraft, K Tam, K Moara-Nkwe, K Jones. ErgoSHIP 2021

Ross JAJ, Tam K, Walker DJ & Jones KD (2022) 'Towards a Digital Twin of a Complex Maritime Site for Multi-Objective Optimization' 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon) 5-/-0/20226-/-0/2022IEEE , DOI
Tam K, Moara-Nkwe K & Jones K (2021) 'A Conceptual Cyber-Risk Assessment of Port Infastructure' World of Shipping Portugal, An International Research Conference on Maritime Affairs Open access
Pozdniakov K, Alonso E, Stankovic V, Tam K & Jones K (2020) 'Smart Security Audit: Reinforcement Learning with a Deep Neural Network Approximator' IEEE Cyber Science Open access
Tam K, Forshaw K & Jones K (2019) 'Cyber-SHIP: Developing Next Generation Maritime Cyber Research Capabilities' International Conference on Marine Engineering and Technology Oman , DOI Open access
Tam K & Jones K (2019) 'Factors Affecting Cyber Risk in Maritime' 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) 6-/-0/20196-/-0/2019IEEE , DOI Open access
Tam K & Jones K (2019) 'Forensic Readiness within the Maritime Sector' 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) 6-/-0/20196-/-0/2019IEEE , DOI Open access
Tam K & Jones K (2018) 'Cyber-Risk Assessment for Autonomous Ships' Cyber Security Glasgow 6-/-0/20186-/-0/2018IEEE Open access
Suarez-Tangil G, Dash SK, Ahmadi M, Kinder J, Giacinto G & Cavallaro L (2017) 'DroidSieve' CODASPY '17: Seventh ACM Conference on Data and Application Security and Privacy ACM , DOI
Dash SK, Suarez-Tangil G, Khan S, Tam K, Ahmadi M, Kinder J & Cavallaro L (2016) 'DroidScribe: Classifying Android Malware Based on Runtime Behavior' 2016 IEEE Security and Privacy Workshops (SPW) 5-/-0/20165-/-0/2016IEEE , DOI Open access
Tam K, Khan S, Fattori A & Cavallaro L (2015) 'CopperDroid: Automatic Reconstruction of Android Malware Behaviors' Network and Distributed System Security Symposium 1-15 , DOI
Tam K & Jones K 'A Cyber-Security Review of Emerging Technology in the Maritime Industry' International Conference of Maritime Science & Technology NAŠE MORE

Key publications are highlighted

Journals

Tam K, Jones K. "Situational Awareness: Examining Factors that Affect Cyber-Risks in the Maritime Sector" International Journal On Cyber Situational Awareness (IJCSA). 2019 ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182 DOI: 10.22619/IJCSA

Tam K, Jones K. "MaCRA: A Model-Based Framework for Maritime Cyber-Risk Assessment", WMU Journal of Maritime Affairs, 2019. DOI:10.1007/s13437-019-00162-2 

Tam K, Jones K. "Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping". Journal of Cyber Policy, Accepted 03 Aug 2018, Published online: 29 Aug 2018 DOI:10.1080/23738871.2018.1513053

Kimberly Tam, Ali Feizollah, Nor Badrul Anuar, Rosli Salleh, and Lorenzo Cavallaro. "The Evolution of Android Malware and Android Analysis Techniques". ACM Computing Surveys (CSUR), 49(4), 2017. DOI: 10.1145/3017427


Articles
Hopcraft R, Vineetha Harish A, Tam K & Jones K (2023) 'Raising the Standard of Maritime Voyage Data Recorder Security' Journal of Marine Science and Engineering , DOI Open access
Hopcraft R, Tam K, Dorje Palbar Misas J, Moara-Nkwe K & Jones K (2022) 'Developing a maritime cyber safety culture: Improving safety of operations' Maritime Technology and Research 5, (1) 258750-258750 , DOI Open access
Visky G, Lavrenovs A, Orye E, Heering D & Tam K (2022) 'Multi-Purpose Cyber Environment for Maritime Sector' International Conference on Cyber Warfare and Security 17, (1) 349-357 , DOI Open access
Tam K, Hopcraft R, Moara-Nkwe K, Misas JP, Andrews W, Harish AV, Giménez P, Crichton T & Jones K (2021) 'Case Study of a Cyber-Physical Attack Affecting Port and Ship Operational Safety' Journal of Transportation Technologies 12, 1-27 , DOI Open access
Tam K, Hopcraft R, Crichton T & Jones K (2021) 'The potential mental health effects of remote control in an autonomous maritime world' Journal of International Maritime Safety, Environmental Affairs, and Shipping 5, (2) 51-66 , DOI Open access
Tam K, Moara-Nkwe K & Jones K (2020) 'The Use of Cyber Ranges in the Maritime Context' Maritime Technology and Research 3, (1) , DOI Open access
Tam K & Jones KD (2019) 'Situational Awareness: Examining Factors that Affect Cyber-Risks in the Maritime Sector' International Journal on Cyber Situational Awareness 4, (1) 40-68 , DOI Open access
Tam K & Jones K (2019) 'MaCRA: a model-based framework for maritime cyber-risk assessment' Wmu Journal of Maritime Affairs , DOI Open access
Tam K & Jones K (2018) 'Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping' Journal of Cyber Policy 3, (2) , DOI Open access
Tam K, Feizollah A, Anuar NB, Salleh R & Cavallaro L (2017) 'The Evolution of Android Malware and Android Analysis Techniques' ACM Computing Surveys 49, (4) 1-41 , DOI Open access
Jones KD, Tam K & Papadaki M (2016) 'Threats and Impacts in Maritime Cyber Security' Engineering & Technology Reference Publisher Site Open access
Other Publications

K Tam, N Edwards, L Cavallaro "Detecting Android malware using memory image forensics" Engineering Secure Software and Systems (ESSoS) Doctoral Symposium 2015 [ResearchGate]

[Thesis] Analysis and Classification of Android Malware 2016 [ResearchGate]

Personal

Personal

Reports & invited lectures

Department of International Trade (DIT) Marine Cyber Security Demo, Cyber-SHIP, 2nd March 2022

UK Marine Autonomous Systems Regulatory Working Group Meeting Jan 2022: https://app.swapcard.com/event/maritime-autonomous-systems-regulatory-conference-2022

 Supergen ORE research group chat: Cyber security in Critical National Infrastructure Nov 8th

 Cyber-SHIP 2021 Annual Symposium Oct 21&22, organiser but also speaker for 2 panels.

 MRS (Maritime Risk Symposium) 2021 International programme committee and speaker

https://nmiotc.nato.int/wp-content/uploads/2021/09/NMIOTC-5th-Cyber-Security-Conference-Tentative-Agenda-7-Sep-21.pdf

DefCon Hack the Sea. August 21 2021. https://hackthesea.org/schedule-2021/

WEBINAR: Naval Autonomy, AI and Human Factors. July 15th 2021. https://www.imarest.org/events/category/webinar-naval-autonomy-ai-and-human-factors

Emerging Challenges in Cybersecurity (BCS) June 24th 2021, https://community.computingatschool.org.uk/events/9265 

Cyber-SHIP lab Research Festival June 2021: https://www.plymouth.ac.uk/research/plymouth-research-festival/2021-cyber-ship-lab

NATO ASW Conference April 2021

Where port security meets  cyber  security (Riviera) August 4 2020. https://www.rivieramm.com/webinar-library/cyber-security/where-port-security-meets--cyber--security

"Digital perils and risks at sea" The Insurance Institute of London (Old Library, Lloyd's) 04 February 2020.

Marine Tech Expo 2018. https://www.linkedin.com/pulse/marine-tech-expo-day-1-summary-chris-girdlestone

Tam K, 6th Annual Industrial Control Cybersecurity Europe, London October 2019, panel.

Presented at the UK embassy in Athens Greece on maritime cyber-security [Hellenic Shipping News link] March 2019

Maritime Cyber Threats and Awareness Symposium, CyMar London 2 November 2018

Identifying Cyber-Threats, Devonport Naval Base Engineering & Science Forum, June 2018

Jones K, Tam K. UK Security Expo 2017, Maritime & Transport security Conference. November 2017

Conferences organised

Maritime Cyber Threats and Awareness Symposium, CyMar London 2 November 2018