Dr Kimberly Tam
Profiles

Dr Kimberly Tam

Associate Professor in Cybersecurity

School of Engineering, Computing and Mathematics (Faculty of Science and Engineering)

Biography

Biography

I am currently a lecturer in cybersecurity and researching maritime cybersecurity around ship IT/OT/IoT security, port security, autonomous vessels, and offshore structures (e.g. renewable energy). I still continue to do some research on smartphone security through my master students.

Qualifications

Education:
  • Ph.D. (2016) in Information Security, Royal Holloway University of London, UK 
  • B.S. (2012) in Computer and System Engineering, Rensselaer Polytechnic Institute, USA
Previous Positions:
  • 2017-2019. Research Fellow University of Plymouth in Maritime Cyber Security
  • 2015-2017. Research Engineer, Security and Manageability Lab, Hewlett-Packard Enterprise, Bristol, UK
  • Summer 2014. Research Engineering Intern. Malware Lab, Hewlett-Packard Enterprise, Bristol, UK
  • Summer 2012. Cyber Security Intern. MIT Lincoln Laboratory, Massachusetts, USA
  • Summer 2011. Cyber Security Researcher. James A Clark, Univeristy of Maryland, Maryland, USA
  • Summer 2010. Engineering Intern. Sandia National Laboratories, Livermore, CA, USA

Professional membership

Fellow of The Higher Education Academy (PGCAP/PDAP 2019) 

Teaching

Teaching

Teaching interests

Interested in teaching cyber-security related areas as well as computer systems and engineering.

Teaching in 2022/2023 (*module leader)
COMP3000 Final year projects
COMP3010* Security Operations & Incident Management
COMP5002* Master's level Security Operations & Incident Management
COMP5007* Cyber-Physical Systems Security
NMS308      Unmanned Maritime Systems Operations
COMP2003   Second Year projects
COMP2003HK* Second Year projects in HK
COMP3000HK* Final year projects
PROC304HK*  Final year projects
COMP3010HK* Incident Prevention, Detection & Response
PUSL2021*   Computing Group Project
MAL2020*   Computing Group Project

Teaching in 2021/2022  (*module leader, +co-teaching)
COMP3000 Final year projects
COMP3010** Security Operations & Incident Management
COMP5002** Master's level Security Operations & Incident Management
COMP5007* Cyber-Physical Systems Security
COMP2003   Second Year projects
COMP3000HK* Final year projects
SEC303HK* Incident Prevention, Detection & Response
NMS302     Operational Procedures and Processes
SEC203HK* Security Integration Project

Teaching in 2020/2021 (*module leader)
COMP3000 Final year projects
COMP3010*  Security Operations & Incident Management
COMP5002*  Master's level Security Operations & Incident Management
COMP5007*  Cyber-Physical Systems Security 
PROJ518MSc Dissertation and Research Skills for MSc Cyber Security at UoP
SEC203HK*  Second year projects taught in Hong Kong
SEC303HK* Incident Prevention, Detection & Response taught in Hong Kong 
CNET349SL* Incident Prevention, Detection & Response taught in NSBM Sri Lanka

Teaching 2020 and before  (*module leader)
CNET349SL* Incident Prevention, Detection & Response (x2), taught in NSBM Sri Lanka
SEC204* Computer Architecture and Low Level Programming (Module Leader)
SEC204HK second year projects also taught at HKU Space partners in Hong Kong
COMP3000
PRCO204 Second year project
PRCO304 Final year projects  

Staff serving as external examiners

o American University of Malta: Accreditation of a Master of Science in Cyber Security (2020)
o IDEA Leadership and Management Institute: Accreditation of Master of Science in Artificial Intelligence (2020)
o IELI (International eLearning Institute): Master of Science in Information Security (2022)

Research

Research

Research interests

I am interested in many of the "newer" niche areas of cybersecurity. My PhD was focused around smartphone security (Android) and my current research is on maritime, which broadly includes IT, OT, and human elements. I enjoy working on cross-discipline challenges. Most up to date information is usually on the Martiime Cyber Threats research page.

Research degrees awarded to supervised students

Currently supervising 7 Research Fellows / Research Asssistants across four projects, and seven PhD students (2 international). As of 2022, 3 RF/RAs have moved on to new and exciting opportunities. I've had three visiting researchers from China, Turkey, and Norway, and I've hosted summer work experience stays and micro-interns.  

Grants & contracts

EU H2020 Cyber-MAR

Cyber-MAR will develop simulation environment for maritime logistics, combining a knowledge-based platform and decision support tool, incorporating novel risk analysis and econometric models. 13 Maritime logistics organizations will increase cyber-awareness and validate their business continuity management in a 6 Million Euro Project of which 650K Euro will go to Plymouth. I am a named Co-I on this project. (3 RAs + 1 Project Admin Assistant)

RED Cyber-SHIP Lab

Aiming to create the next generation of cybersecurity reserach in maritime by recreating a ship's bridge in a lab enviroment (hardware testbed). This lab takes into account both technological and human behavioural aspects in order to effectively mitigate threats, especially considering the huge variation in vessel types, which can be subjected to cyber-attacks in differing ways for differing motivations. The £3million Cyber-SHIP Lab, is supported by funding from Research England, part of UK Research and Innovation, and industry, as well as industry donations in equipment and time. I am a named Co-I and acadmic lead. (3 RAs/RFs + 1 Project Admin Assistant + 1 Project manager + 1 Marketing and Communications Officer)

MARI-UK & Cyber-ASAP for MaCRA [same project, 3 separate bids]
Working on creating a software product based on MaCRA publication which won the 2021 Lloyd's Science of Risk Prize. MaCRA aims to be a risk assessment product for the maritime sector based on academic outputs. Funding from multiple sources to develop software, evaluate market, and reach out to potential customers. Research into assessing risks for the maritime sector (MaCRA) has received £200k from MaRi-UK and £31k total from CyberASAP to develop a product for the industry. With CyberASAP phase one complete, the team was invited to apply for phase 2 funding for £58k, an opportunity only extended to 14 of the 300+ phase one applicants. This also won at the 2021 NCSC Cyber Den compeition run as part of the UK government’s flagship cyber security event, CYBERUK . We aquired an additional £10,000 for covid relief funds from Cyber-ASAP. I am a Co-I on all projects and the Science Offcer for the spin out company selling MaCRA. USA patent pending. (managed several third party software developers)

Protecting space assets - Learning integrity through AI cyber defence
GemaSecure, in association with Southampton and Plymouth universities, are researching the protection and correct operation of AI and ML algorithms for the space sector, its consumers and asset operators. This work will allow for the safe operation of AI and ML in space assets and associated terrestrial communications devices ensuring a secure future for space, maritime, port authorities, smart cities, renewable energy, automotive and autonomous vehicles and other consumers of public and private satellite communications services. This is a short 6 month project worth £153k funded by SPRINT. I am Plymouth PI for this project. (2 RFs)

SPF policy engagement 
Working with the Department of Transportation, we wrote a white paper for future smart/free ports of the UK: 10.13140/RG.2.2.12315.54564


This project proposes to do vulnerability analysis on the use of AI to detect objects in our ports and borders. In particular, what security-vulnerabilities new AIs being developed may have, but also dangerous assumptions that may be made when transferring AIs designed for one purpose (e.g., detecting fish species) and repurposed for another (e.g., mine detection). The re-use case deviates from the stages in the NCSC Principles for the security of machine learning, where the prerequisites in and considerations in stage one are different from the context the AI eventually is used in the later stages.

Consulting: While details are under NDA, I have done a range of consulting jobs across cybersecurity subjects and will occationally take on these types of contracts under UoPEL. I have also consulted the Bank of England on their 2022 Stress Test.

SAIMS - Alan Turing Fund (Details to come)
Publications

Publications

Key publications

Conference Papers

Kimberly Tam, Kemedi Moara-Nkwe, Kevin Jones "A Conceptual Cyber-Risk Assessment of Port Infastructure" World of Shipping Portugal, An International Research Conference on Maritime Affairs 2020

SK Dash, G Suarez-Tangil, S Khan, K Tam, M Ahmadi, J Kinder, Droidscribe: Classifying android malware based on runtime behavior 2016 IEEE Security and Privacy Workshops (SPW), 252-261

Kimberly Tam, Kevin D Jones " A Cyber-Security Review of Emerging Technology in the Maritime Industry " International Conference of Maritime Science & Technology NAŠE MORE  2019/10/17

Enhanced Transparency: Improving Maritime Cyber Governance. R Hopcraft, K Tam, K Moara-Nkwe, K Jones. MARESEC 2021.

The Development of a Cyber Safety Culture. R Hopcraft, K Tam, K Moara-Nkwe, K Jones. ErgoSHIP 2021

Gurren J, Vineetha Harish A, Tam K & Jones K (2023) 'Security Implications of a Satellite Communication Device on Wireless Networks Using Pentesting' 19th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob) , DOI Open access
Vineetha Harish A, Tam K & Jones K (2023) 'Investigating the Security and Accessibility of Voyage Data Recorder Data using a USB attack' CYBER 2022 : The Seventh International Conference on Cyber-Technologies and Cyber-Systems 1-/-1/20221-/-1/2022https://www.iaria.org/ Publisher Site Open access
Palbar Misas JD, Hopcraft R & Tam K (2022) 'Future of Maritime Autonomy: Cybersecurity, Trust and Mariner's Situation Awareness' International Ship Control Systems Symposium 2022 , DOI Open access
Hopcraft R, Vineetha Harish A, Tam K & Jones KD (2022) 'Raising the Standard of Maritime Voyage Data Recorder Security' CyberSHIP Annual Symposium 2022 0-/-1/20220-/-1/2022Open access
Ross JAJ, Tam K, Walker DJ & Jones KD (2022) 'Towards a Digital Twin of a Complex Maritime Site for Multi-Objective Optimization' 2022 14th International Conference on Cyber Conflict: Keep Moving! (CyCon) 5-/-0/20226-/-0/2022IEEE , DOI Open access
Hopcraft R, Tam K, Moara_Nkwe K & Jones K (2021) 'The Development of a Cyber Safety Culture' ErgoSHIP 2021 9-/-0/20219-/-0/2021100-110 Publisher Site Open access
Hopcraft R, Tam K, Moara-Nkwe K & Jones K (2021) 'Enhanced Transparency: Improving Maritime Cyber Governance' MARESEC 2021 6-/-0/20216-/-0/2021Publisher Site Open access
Tam K, Moara-Nkwe K & Jones K (2021) 'A Conceptual Cyber-Risk Assessment of Port Infastructure' World of Shipping Portugal, An International Research Conference on Maritime Affairs Open access
Pozdniakov K, Alonso E, Stankovic V, Tam K & Jones K (2020) 'Smart Security Audit: Reinforcement Learning with a Deep Neural Network Approximator' IEEE Cyber Science Open access
Tam K, Forshaw K & Jones K (2019) 'Cyber-SHIP: Developing Next Generation Maritime Cyber Research Capabilities' International Conference on Marine Engineering and Technology Oman , DOI Open access
Tam K & Jones K (2019) 'Factors Affecting Cyber Risk in Maritime' 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) 6-/-0/20196-/-0/2019IEEE , DOI Open access
Tam K & Jones K (2019) 'Forensic Readiness within the Maritime Sector' 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA) 6-/-0/20196-/-0/2019IEEE , DOI Open access
Tam K & Jones K (2018) 'Cyber-Risk Assessment for Autonomous Ships' Cyber Security Glasgow 6-/-0/20186-/-0/2018IEEE Open access
Suarez-Tangil G, Dash SK, Ahmadi M, Kinder J, Giacinto G & Cavallaro L (2017) 'DroidSieve' CODASPY '17: Seventh ACM Conference on Data and Application Security and Privacy ACM , DOI
Dash SK, Suarez-Tangil G, Khan S, Tam K, Ahmadi M, Kinder J & Cavallaro L (2016) 'DroidScribe: Classifying Android Malware Based on Runtime Behavior' 2016 IEEE Security and Privacy Workshops (SPW) 5-/-0/20165-/-0/2016IEEE , DOI Open access
Tam K, Khan S, Fattori A & Cavallaro L (2015) 'CopperDroid: Automatic Reconstruction of Android Malware Behaviors' Network and Distributed System Security Symposium 1-15 , DOI
Tam K, Edwards N & Cavallaro L (2015) 'Detecting android malware using memory image forensics' Engineering Secure Software and Systems (ESSoS) Doctoral Symposium

Key publications are highlighted

Journals

Tam K, Jones K. "Situational Awareness: Examining Factors that Affect Cyber-Risks in the Maritime Sector" International Journal On Cyber Situational Awareness (IJCSA). 2019 ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182 DOI: 10.22619/IJCSA

Tam K, Jones K. "MaCRA: A Model-Based Framework for Maritime Cyber-Risk Assessment", WMU Journal of Maritime Affairs, 2019. DOI:10.1007/s13437-019-00162-2 

Tam K, Jones K. "Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping". Journal of Cyber Policy, Accepted 03 Aug 2018, Published online: 29 Aug 2018 DOI:10.1080/23738871.2018.1513053

Kimberly Tam, Ali Feizollah, Nor Badrul Anuar, Rosli Salleh, and Lorenzo Cavallaro. "The Evolution of Android Malware and Android Analysis Techniques". ACM Computing Surveys (CSUR), 49(4), 2017. DOI: 10.1145/3017427


Articles
Palbar Misas JD, Hopcraft R, Tam K & Jones K (2024) 'Future of maritime autonomy: cybersecurity, trust and mariner's situational awareness' Journal of Marine Engineering & Technology 1-12 Publisher Site , DOI Open access
Soner O, Kayisoglu G, Bolat P & Tam K (2023) 'Risk sensitivity analysis of AIS cyber security through maritime cyber regulatory frameworks' Applied Ocean Research , DOI Open access
Kayisoglu G, Bolat P & Tam K (2023) 'A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR' Journal of Marine Engineering and Technology , DOI Open access
Riley S, Tam K, Tse W-Y, Connor A & Wei Y (2023) 'An external validation of the Kidney Donor Risk Index in the UK transplant population in the presence of semi-competing events' Diagnostic and Prognostic Research , DOI Open access
Vineetha Harish A, Tam K & Jones K (2023) 'BridgeInsight: An asset profiler for penetration testing in a heterogenous maritime bridge environment' Maritime Technology and Research , DOI Open access
Erstad E, Hopcraft R, Palbar JD & Tam K (2023) 'CERP: A Maritime Cyber Risk Decision Making Tool' TransNav: International Journal on Marine Navigation and Safety of Sea Transportation 17, (2) , DOI Open access
Tam K, Walter M, Barrett A & Walker D (2023) 'Adversarial AI Testcases for Maritime Autonomous Systems' AI, Computer Science and Robotics Technology , DOI Open access
Erstad E, Hopcraft R, Vineetha Harish A & Tam K (2023) 'A human-centred design approach for the development and conducting of maritime cyber resilience training' WMU Journal of Maritime Affairs , DOI Open access
Söner Ö, Kayisoglu G, Bolat P & Tam K (2023) 'Cybersecurity risk assessment of VDR' Journal of Navigation 1-18 , DOI Open access
Hopcraft R, Vineetha Harish A, Tam K & Jones K (2023) 'Raising the Standard of Maritime Voyage Data Recorder Security' Journal of Marine Science and Engineering , DOI Open access
Tam K, Chang B, Hopcraft R, Moara-Nkwe K & Jones K (2023) 'Quantifying the econometric loss of a cyber-physical attack on a seaport' Frontiers in Computer Science 4, , DOI Open access
Kayisoglu G, Bolat P & Tam K (2022) 'Evaluating SLIM-based human error probability for ECDIS cybersecurity in maritime' Journal of Navigation , DOI Open access
Hopcraft R, Tam K, Dorje Palbar Misas J, Moara-Nkwe K & Jones K (2022) 'Developing a maritime cyber safety culture: Improving safety of operations' Maritime Technology and Research 5, (1) 258750-258750 , DOI Open access
Visky G, Lavrenovs A, Orye E, Heering D & Tam K (2022) 'Multi-Purpose Cyber Environment for Maritime Sector' International Conference on Cyber Warfare and Security 17, (1) 349-357 , DOI Open access
Tam K, Hopcraft R, Moara-Nkwe K, Misas JP, Andrews W, Harish AV, Giménez P, Crichton T & Jones K (2021) 'Case Study of a Cyber-Physical Attack Affecting Port and Ship Operational Safety' Journal of Transportation Technologies 12, 1-27 , DOI Open access
Tam K, Hopcraft R, Crichton T & Jones K (2021) 'The potential mental health effects of remote control in an autonomous maritime world' Journal of International Maritime Safety, Environmental Affairs, and Shipping 5, (2) 51-66 , DOI Open access
Tam K, Moara-Nkwe K & Jones K (2020) 'The Use of Cyber Ranges in the Maritime Context: Assessing maritime-cyber risks, raising awareness, and providing training' Maritime Technology and Research 3, (1) , DOI Open access
Tam K & Jones KD (2019) 'Situational Awareness: Examining Factors that Affect Cyber-Risks in the Maritime Sector' International Journal on Cyber Situational Awareness 4, (1) 40-68 , DOI Open access
Tam K & Jones K (2019) 'MaCRA: a model-based framework for maritime cyber-risk assessment' Wmu Journal of Maritime Affairs , DOI Open access
Tam K & Jones K (2018) 'Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping' Journal of Cyber Policy 3, (2) , DOI Open access
Tam K, Feizollah A, Anuar NB, Salleh R & Cavallaro L (2017) 'The Evolution of Android Malware and Android Analysis Techniques' ACM Computing Surveys 49, (4) 1-41 , DOI Open access
Jones KD, Tam K & Papadaki M (2016) 'Threats and Impacts in Maritime Cyber Security' Engineering & Technology Reference Publisher Site Open access
Presentations and posters
Tam K & Jones K Tam K & Jones K 'A Cyber-Security Review of Emerging Technology in the Maritime Industry'
Other Publications

K Tam, N Edwards, L Cavallaro "Detecting Android malware using memory image forensics" Engineering Secure Software and Systems (ESSoS) Doctoral Symposium 2015 [ResearchGate]

[Thesis] Analysis and Classification of Android Malware 2016 [ResearchGate]

Personal

Personal

Reports & invited lectures

Sensr of Science - Evidence week, Speaking with MPs at Parliament July 2023

Keynote at Graz TU March 2023: https://www.tugraz.at/fakultaeten/csbme/news/events/cs-talks/cs-talks-11-kimberly-tam 

Department of International Trade (DIT) Marine Cyber Security Demo, Cyber-SHIP, 2nd March 2022

UK Marine Autonomous Systems Regulatory Working Group Meeting Jan 2022: https://app.swapcard.com/event/maritime-autonomous-systems-regulatory-conference-2022

 Supergen ORE research group chat: Cyber security in Critical National Infrastructure Nov 8th

 Cyber-SHIP 2021 Annual Symposium Oct 21&22, organiser but also speaker for 2 panels.

 MRS (Maritime Risk Symposium) 2021 International programme committee and speaker

https://nmiotc.nato.int/wp-content/uploads/2021/09/NMIOTC-5th-Cyber-Security-Conference-Tentative-Agenda-7-Sep-21.pdf

DefCon Hack the Sea. August 21 2021. https://hackthesea.org/schedule-2021/

WEBINAR: Naval Autonomy, AI and Human Factors. July 15th 2021. https://www.imarest.org/events/category/webinar-naval-autonomy-ai-and-human-factors

Emerging Challenges in Cybersecurity (BCS) June 24th 2021, https://community.computingatschool.org.uk/events/9265 

Cyber-SHIP lab Research Festival June 2021: https://www.plymouth.ac.uk/research/plymouth-research-festival/2021-cyber-ship-lab

NATO ASW Conference April 2021

Where port security meets  cyber  security (Riviera) August 4 2020. https://www.rivieramm.com/webinar-library/cyber-security/where-port-security-meets--cyber--security

"Digital perils and risks at sea" The Insurance Institute of London (Old Library, Lloyd's) 04 February 2020.

Marine Tech Expo 2018. https://www.linkedin.com/pulse/marine-tech-expo-day-1-summary-chris-girdlestone

Tam K, 6th Annual Industrial Control Cybersecurity Europe, London October 2019, panel.

Presented at the UK embassy in Athens Greece on maritime cyber-security [Hellenic Shipping News link] March 2019

Maritime Cyber Threats and Awareness Symposium, CyMar London 2 November 2018

Identifying Cyber-Threats, Devonport Naval Base Engineering & Science Forum, June 2018

Jones K, Tam K. UK Security Expo 2017, Maritime & Transport security Conference. November 2017

Conferences organised

Maritime Cyber Threats and Awareness Symposium, "CyMar" and "Cyber-SHIP symposium" 2017-2023

Related articles on the University website