Dr Richard J. Thomas

UKRRIN Industrial Fellow in Data Integration and Cyber Security

Birmingham Centre for Railway Research and Education (BCRRE) and the Centre for Cyber Security and Privacy.

Profile Picture


My research involves the assessment, formalisation and development of guidance for the security of the UK and European Rail Networks, and Industrial Control Systems. I was part of the SCEPTICS project, which aimed to assist asset owners in modelling threats to their systems and improve supply chain security.

With Tom Chothia, I am now investigating how asset owners can test third-party ICS devices, review the ICS threat landscape to improve supply chain security and working with the sector to address ICS-specific cyber security challenges.

Research Highlights »


A list of my publications, with pages detailing research and accompanying code, models, datasets and traces.

Read My Publications »

Research Interests

I have a number of research interests, some which come from my field and others are personal interests which I like to maintain an active role in.

Security of Rail

Today, passenger rail journeys are increasing at a vast rate. To cope with the demands put onto an already straining network, signalling and onboard systems are being revolutionised. Do these changes allow an attacker to perform some action undetected, or affect the operation of the rail network?

Security of Industrial Control Systems

Industrial control systems contribute towards our daily lives, assisting in the generation of power and managing safety-critical systems. Recently, vulnerabilities in these platforms have allowed their operation to be impeded. Is there a way to allow operators to apply a framework to identify potential weaknesses before they are exploited?

Security of 'Internet of Things' Devices

The 'Internet of Things' is becoming ubiquitous, allowing devices to be connected to the internet, whether it be a kettle, drone or product ordering button. Do these devices hold any security posterity against the most basic of threats, and is there a way for an attacker to exploit them?

Security of GSM and Wireless Systems

GSM, as a standard is over 20 years old, with weak, broken cryptography. This standard remains in widespread use. Can these weaknesses be exploited to induce an unsafe state on systems which rely on them?