Skip to menu Skip to content Skip to footer
Professor Ryan Ko
Professor

Ryan Ko

Email: 
Phone: 
+61 7 336 51092

Overview

Background

Professor Ryan Ko is Chair and Director of UQ Cyber and a member of the Academic Board at the University of Queensland, Australia. He holds a Bachelor of Engineering (Computer Engineering)(Hons.) (2005), and PhD (2011) from Nanyang Technological University, Singapore.

Ko has held senior scientific leadership, executive, and directorship roles across industry and academia, and has more than a decade of board, governance and advisory experience across government, industry and NGOs across Australia, New Zealand, Singapore, and USA.

He currently serves on the Audit and Risk Committee for the board of the global not-for-profit ORCID, and has served on boards and advisory groups for AustCyber, Queensland Government, Meat and Livestock Australia (MLA), and the NZX-listed (NZE:LIC) Livestock Improvement Cooperation (LIC).

He has also served as expert advisor to INTERPOL, the government of Tonga, NZDF, NZ Minister for Communications' Cyber Security Skills Taskforce, and one of four nationally-appointed Technical Adviser for the Harmful Digital Communications Act 2015, Ministry of Justice. He has also served as independent technical expert for court cases.

He is also Adjunct Professor at the Singapore Institute of Technology, and Affiliate Faculty Member at NIATEC at the Idaho State University, USA.

He is co-founder of Cyber Security Certification Australia (CSCAU), CyberCert, and First Watch Ltd (NZ) – an industrial cybersecurity spin-off based on his patented OT security and provenance research at the University of Waikato.

Since joining UQ in 2019, he has served as:

  • Deputy Head of School (External Engagement) (2021-2022)
  • Founding Discipline Leader of the Cyber Security and Software Engineering discipline (2020-2021)
  • Group Leader - Cyber Security (2019)

Ko has successfully established several university-wide, multi-disciplinary academic research and education programmes, including establishing and leading:

  • UQ Cyber - interdisciplinary cyber scurity research centre involving 60+ academics and their respective teams from the 6 Schools (EECS, Business, Economics, Law, Social Science, Mathematics & Physics), the Centre for Policy Futures, and 4 Faculties since 2019.
  • UQ's interdisciplinary postgraduate programme (MCyber, PGDipCyber, GCertCyber) involving four UQ faculties in 2019,
  • NZ's first cyber security graduate research programme and lab (Cybersecurity Researchers of Waikato (CROW)) in 2012,
  • NZ's first Master of Cyber Security (encompassing technical and law courses), the NZ Cyber Security Challenge since 2014, and
  • NZ Institute for Security and Crime Science – Te Puna Haumaru as its founding director, the Evidence Based Policing Centre (at Wellington with NZ Police and ESR), and Master of Security and Crime Science in 2017 with the University of Waikato, NZ.

Over his academic career, Ko has been awarded A$20+million in competitive grants as lead Chief Investigator, and ~A$40+million as co-investigator. Prior to UQ, he was the highest funded computer scientist in New Zealand, as Principal Investigator and Science Leader of the largest MBIE-awarded cloud security research funding for STRATUS (NZ$12.2 million; 2014-2018). STRATUS' research was awarded 'Gold' by MBIE (i.e. top performing project, 2017), adopted by INTERPOL and featured in NZ's Department of Prime Minister and Cabinet's NZ Cyber Security Strategy 2016 annual report.

Ko has a track record developing international and national cyber security curricula, including:

  • Co-creation of the gold-standard (ISC)2 Certified Cloud Security Professional (CCSP) curriculum (2014-2015)
  • Authoring the draft of the NZQA's Level 6 Cybersecurity Diploma qualification as part of the NZ Cyber Security Skills Taskforce on behalf of the Department of Prime Minister and Cabinet.

Ko has also experience developing competitions and coaching competitive cyber security teams, including:

  • Co-founding the NZ Cyber Security Challenge in 2014, and leading the NZCSC from 2014 to 2018. NZCSC is now the premier national cyber security competition in NZ.
  • Co-founding the Oceania Cybersecurity Challenge (OCC) in 2020, and leading the competition from 2022 to present. OCC is now the regional qualifiers for the International Cybersecurity Challenge
  • Co-founding the International Cybersecurity Challenge (ICC) as part of the Steering Committee in 2022. ICC has been held in Athens (2022) and San Diego (2023). It is aiming to be the world cup of cyber competitions.
  • Head Coach of Team Oceania for the ICC. 2022 Results: Overall 4th; 2023 Results: Overall 2nd in the world.

He contributed to the establishment of the Government of Tonga CERT and CERT NZ, and has spoken regularly on cyber and cloud security research across the globe, including the OECD, Republic of Korea National Assembly (2018), INTERPOL (2017), TEDx Ruakura (2017), and the NZ Members of Parliament (2016).

Within the ISO/IEC JTC 1/SC 27, Prof Ko was Head of Delegation for the Singapore national body, served as Editor, ISO/IEC 21878 “Security guidelines for design and implementation of virtualized servers”, and hosted the ISO/IEC JTC 1/SC 27 meetings at Hamilton, NZ, in 2017. He is currently one of the editors of the ISO/IEC PWI 5181 Data Provenance Reference Model. In 2022, Ko co-chaired the development of the Singapore standard TR 106:2022 Tiered cybersecurity standards for enterprises in collaboration with the SPSTC and Singapore Cyber Security Agency.

Ko serves as an assessor for the Australian Research Council (ARC), Irish Research Council, Nederlandse Organisatie voor Wetenschappelijk Onderzoek (NWO), and NZ MBIE College of Assessors (since 2015).

He is also an external expert for the Tertiary Education Quality and Standards Agency (TEQSA).

Ko has externally examined 11 PhD and 3 Masters theses for universities in Australia, New Zealand, Canada, Hong Kong and Singapore.

For his contributions to the field, he was elected Fellow of the Australian Computer Society, Fellow of the Queensland Academy of Arts and Sciences, and Fellow of Cloud Security Alliance (CSA) (2016). He was awarded the Singapore Government (Enterprise Singapore)’s Young Professional Award (2018) for his leadership at ISO, and awarded the inaugural CSA Ron Knode Service Award 2012 for the establishment of Cloud Data Governance and Cloud Vulnerabilities Research Working Groups. He is also recipient of the 2015 (ISC)2 Information Security Leadership Award.

For his research and teaching excellence, he was awarded the University of Queensland Awards for Excellence - Leadership (Commendation) (2023), EAIT Nominations for Most Effective Teacher (both semesters of 2020, 2021, 2022, 2023), University of Waikato's Early Career Excellence Award (2014), Faculty Teaching Excellence Awards (2014, 2015, 2018), and the Nola Campbell eLearning Excellence Award (2014). During his PhD, he was also awarded A*STAR SIMTech's Best Student Award (2009), and clinched the 1st Prize of the IEEE Services Cup 2009 at IEEE ICWS (CORE A*) in Los Angeles, CA.

Earlier in his career, Ko was a systems engineer, and subsequently founded two start-ups (one was a social enterprise which became an events/conventions management contractor with IMG at mega-events in Singapore, including the inaugural Youth Olympics in 2010).

He is an active science communicator and is regularly interviewed and featured by Australian (ABC News, SBS News, 7 News, 9 News, Courier Mail, Network 10, AFR), Singaporean (Channel NewsAsia, CNA Radio938), NZ (NZ Herald, Dominion Post, Stuff.co.nz, Waikato Times, TVNZ, Central TV) and international media on topics of cyber security, cybercrime and data privacy.

Availability

Professor Ryan Ko is:
Available for supervision
Media expert

Qualifications

  • Bachelor (Honours) of Computer Engineering, Nanyang Technological University
  • Doctor of Philosophy, Nanyang Technological University
  • Certificate of Management, Harvard University
  • Fellow, Australian Computer Society, Australian Computer Society
  • Fellow, Cloud Security Alliance, Cloud Security Alliance
  • Fellow, Queensland Academy of Arts and Sciences, Queensland Academy of Arts and Sciences

Research interests

  • Automating Cyber Security for Critical Infrastructure

    Designing cyber autonomy to empower all end-users.

  • Operational Technology (OT) Security

    Focusing on Industrial Control Systems (ICS) and related protocols.

  • Provenance and Traceability

    Applications into AgTech, IoT, Edge, Cloud Computing and OT environments.

  • Trusted Computing Applications

    Applications into agriculture, regulatory, auditing and media.

  • Data Privacy and Privacy Enhancing Technologies

    Enabling secure and private multi-party computation.

  • AI Planning/ Automated Planning

    Adapting classical AI planning approaches into cyber security.

  • Applying Situation Crime Prevention to Cybercrime Prevention

    Applying SCP techniques into processes and controls to prevent cybercrime.

  • Board and Organisational Structures for Cyber Resilience

    Understanding how factors and pressures (e.g. board composition and organisational structures, external pressures) affect an organisation's cyber resilience.

  • Creating Measurable Indicators of Cyber Resilience

    Developing a framework to quantify factors allowing senior executives to understand and make decisions about cyber resilience.

Research impacts

Ko's research in cyber security focuses on returning control of data to users. His research reduces users' reliance on trusting third-parties and focusses on (1) provenance logging and reconstruction, traceability and (2) privacy-preserving data processing. His research is adopted internationally (e.g. CERN, INTERPOL, and HP clients such as Apple, Nasa, US Treasury/IRS). His papers have received conference Best Paper Awards (2011, 2015, 2017), and resulted in several technology transfers (e.g. HP), open source contributions (e.g. Kali Linux THC) and spin-offs (e.g. First Watch). He has published in top venues including WWW (The Web), NeurIPS, DCC, ESORICS, IEEE TrustCom, IEEE Comms Surveys and Tutorials, IEEE ICWS, IEEE TDSC, IEEE TSC, Computers & Security, IEEE Trans on Smart Grid, and more than 100 publications including books, refereed conference papers, journal papers, book chapters, encyclopaedia entries, technical reports and international patents (PCT).

Recently, he is researching information integrity and cyber autonomy in critical infrastructure sectors such as energy, manufacturing, regulatory and agriculture sectors. He has served in technical programme committees for more than 30 IEEE conferences/workshops, associate editor for 6 journals, and as series editor for Elsevier's security books.

Works

Search Professor Ryan Ko’s works on UQ eSpace

167 works between 2007 and 2024

1 - 20 of 167 works

Featured

2022

Conference Publication

Positive-unlabeled learning using random forests via recursive greedy risk minimization

Wilton, Jonathan, Koay, Abigail M. Y., Ko, Ryan K. L., Miao Xu and Ye, Nan (2022). Positive-unlabeled learning using random forests via recursive greedy risk minimization. 36th Conference on Neural Information Processing Systems (NeurIPS 2022), New Orleans, LA, United States, 29 November - 1 December 2022. New Orleans, LA, United States: Neural information processing systems foundation.

Positive-unlabeled learning using random forests via recursive greedy risk minimization

Featured

2022

Journal Article

Multiscale adaptive multifractal detrended fluctuation analysis-based source identification of synchrophasor data

Cui, Yi, Bai, Feifei, Yin, Hongzhi, Chen, Tong, Dart, David, Zillmann, Matthew and Ko, Ryan K. L. (2022). Multiscale adaptive multifractal detrended fluctuation analysis-based source identification of synchrophasor data. IEEE Transactions on Smart Grid, 13 (6), 1-4. doi: 10.1109/tsg.2022.3207066

Multiscale adaptive multifractal detrended fluctuation analysis-based source identification of synchrophasor data

Featured

2022

Journal Article

Preserving privacy for distributed genome-wide analysis against identity tracing attacks

Zhang, Yanjun, Bai, Guangdong, Li, Xue, Nepal, Surya, Grobler, Marthie, Chen, Chen and Ko, Ryan K. L. (2022). Preserving privacy for distributed genome-wide analysis against identity tracing attacks. IEEE Transactions on Dependable and Secure Computing, 20 (4), 1-17. doi: 10.1109/tdsc.2022.3186672

Preserving privacy for distributed genome-wide analysis against identity tracing attacks

Featured

2022

Journal Article

An exploratory study of organizational cyber resilience, its precursors and outcomes

Tsen, Elinor, Ko, Ryan K. L. and Slapnicar, Sergeja (2022). An exploratory study of organizational cyber resilience, its precursors and outcomes. Journal of Organizational Computing and Electronic Commerce, 32 (2), 1-22. doi: 10.1080/10919392.2022.2068906

An exploratory study of organizational cyber resilience, its precursors and outcomes

Featured

2022

Journal Article

Situational Crime Prevention (SCP) Techniques to Prevent and Control Cybercrimes: A Focused Systematic Review

Ho, Heemeng, Ko, Ryan and Mazerolle, Lorraine (2022). Situational Crime Prevention (SCP) Techniques to Prevent and Control Cybercrimes: A Focused Systematic Review. Computers & Security, 115 102611, 1-24. doi: 10.1016/j.cose.2022.102611

Situational Crime Prevention (SCP) Techniques to Prevent and Control Cybercrimes: A Focused Systematic Review

Featured

2021

Conference Publication

On random editing in LZ-end

Roodt, Daniel, Speidel, Ulrich, Kumar, Vimal and Ko, Ryan K. L. (2021). On random editing in LZ-end. 2021 Data Compression Conference (DCC), Snowbird, UT United States, 23 - 26 March 2021. Piscataway, NJ United States: Institute of Electrical and Electronics Engineers. doi: 10.1109/dcc50243.2021.00074

On random editing in LZ-end

Featured

2021

Conference Publication

It’s Not Just the Site, It’s the Contents: Intra-domain Fingerprinting Social Media Websites Through CDN Bursts

Wang, Kailong, Zhang, Junzhe, Bai, Guangdong, Ko, Ryan and Dong, Jin Song (2021). It’s Not Just the Site, It’s the Contents: Intra-domain Fingerprinting Social Media Websites Through CDN Bursts. WWW '21: The Web Conference 2021, Ljubljana, Slovenia, 19-23 April 2021. New York, NY United States: ACM. doi: 10.1145/3442381.3450008

It’s Not Just the Site, It’s the Contents: Intra-domain Fingerprinting Social Media Websites Through CDN Bursts

Featured

2021

Journal Article

Source authentication of distribution synchrophasors for cybersecurity of microgrids

Cui, Yi, Bai, Feifei, Yan, Ruifeng, Saha, Tapan, Ko, Ryan K L and Liu, Yilu (2021). Source authentication of distribution synchrophasors for cybersecurity of microgrids. IEEE Transactions on Smart Grid, 12 (5) 9454123, 1-1. doi: 10.1109/tsg.2021.3089041

Source authentication of distribution synchrophasors for cybersecurity of microgrids

Featured

2020

Journal Article

Differentially private collaborative coupling learning for recommender systems

Zhang, Yanjun, Bai, Guangdong, Zhong, Mingyang, Li, Xue and Ko, Ryan K. L. (2020). Differentially private collaborative coupling learning for recommender systems. IEEE Intelligent Systems, 36 (1) 9130104, 1-1. doi: 10.1109/MIS.2020.3005930

Differentially private collaborative coupling learning for recommender systems

Featured

2020

Conference Publication

PrivColl: practical privacy-preserving collaborative machine learning

Zhang, Yanjun, Bai, Guangdong, Li, Xue, Curtis, Caitlin, Chen, Chen and Ko, Ryan K. L. (2020). PrivColl: practical privacy-preserving collaborative machine learning. European Symposium on Research in Computer Security, Guildford, United Kingdom, 14-18 September 2020. Cham, Switzerland: Springer International Publishing. doi: 10.1007/978-3-030-58951-6_20

PrivColl: practical privacy-preserving collaborative machine learning

Featured

2018

Other Outputs

ISO/IEC 21878:2018 Information technology -- Security techniques -- Security guidelines for design and implementation of virtualized servers

Ko, Ryan, Clarke, Geoff, Ramaswamy, Chandramouli, Ge, Xiaoyu and Chaudury, Abhik (2018). ISO/IEC 21878:2018 Information technology -- Security techniques -- Security guidelines for design and implementation of virtualized servers. ISO/IEC JTC 1/SC 27 Information Security, cybersecurity and privacy protection Geneva, Switzerland: ISO.

ISO/IEC 21878:2018 Information technology -- Security techniques -- Security guidelines for design and implementation of virtualized servers

Featured

2017

Journal Article

A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing

Chase, Jonathan, Niyato, Dusit, Wang, Ping, Chaisiri, Sivadon and Ko, Ryan (2017). A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing. IEEE Transactions on Dependable and Secure Computing, 16 (4) 7926340, 1-1. doi: 10.1109/tdsc.2017.2703626

A scalable approach to joint cyber insurance and security-as-a-service provisioning in cloud computing

Featured

2017

Conference Publication

The full provenance stack: five layers for complete and meaningful provenance

Ko, Ryan K. L. and Phua, Thye Way (2017). The full provenance stack: five layers for complete and meaningful provenance. 10th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, SpaCCS 2017, Guangzhou, China, 12-15 December 2017. Cham, Switzerland: Springer . doi: 10.1007/978-3-319-72395-2_18

The full provenance stack: five layers for complete and meaningful provenance

2024

Other Outputs

The Australia-Korea Cyber Cooperation in the Context of the Australian Cyber Security Strategy 2023-2030

Ko, Ryan (2024). The Australia-Korea Cyber Cooperation in the Context of the Australian Cyber Security Strategy 2023-2030. Korea on Point: The Korean Association of International Studies.

The Australia-Korea Cyber Cooperation in the Context of the Australian Cyber Security Strategy 2023-2030

2024

Conference Publication

Privacy-preserving and fairness-aware federated learning for critical infrastructure protection and resilience

Zhang, Yanjun, Sun, Ruoxi, Shen, Liyue, Bai, Guangdong, Xue, Minhui, Meng, Mark Huasong, Li, Xue, Ko, Ryan and Nepal, Surya (2024). Privacy-preserving and fairness-aware federated learning for critical infrastructure protection and resilience. WWW '24: ACM Web Conference 2024, Singapore, Singapore, 13-17 May 2024. New York, NY, United States: ACM. doi: 10.1145/3589334.3645545

Privacy-preserving and fairness-aware federated learning for critical infrastructure protection and resilience

2024

Book Chapter

AI for designing responsible and resilient food systems

Ko, Ryan, Gain, Alexandria, Bongiovanni, Ivano, Browne, Will, Jarkas, Omar, Uhlmann, Kora and Viller, Stephen (2024). AI for designing responsible and resilient food systems. Food AI: A game changer for Australia’s food and beverage sector. (pp. 69-78) edited by Janet R. McColl-Kennedy and Damian Hine. Brisbane, QLD, Australia: The University of Queensland, Australia's Food and Beverage Accelerator (FaBA). doi: 10.14264/f5f35d0

AI for designing responsible and resilient food systems

2024

Conference Publication

Scp-bp framework: situational crime prevention for managing data breaches in business processes

Miao, Cheng, Ho, Heemeng, Tsen, Elinor, Gilmour, John and Ko, Ryan K. L. (2024). Scp-bp framework: situational crime prevention for managing data breaches in business processes. Business Process Management 22nd International Conference, BPM 2024, Krakow, Poland, 1-6 September 2024. Cham, Switzerland: Springer Nature Switzerland. doi: 10.1007/978-3-031-70396-6_26

Scp-bp framework: situational crime prevention for managing data breaches in business processes

2024

Journal Article

Utilizing cyberplace managers to prevent and control cybercrimes: a vignette experimental study

Ho, Heemeng, Gilmour, John, Mazerolle, Lorraine and Ko, Ryan (2024). Utilizing cyberplace managers to prevent and control cybercrimes: a vignette experimental study. Security Journal, 37 (1), 129-152. doi: 10.1057/s41284-023-00371-8

Utilizing cyberplace managers to prevent and control cybercrimes: a vignette experimental study

2024

Other Outputs

PRISMA Results for Using Situational Crime Prevention (SCP)-C3 Cycle and Common Inventory of Cybersecurity Controls from ISO/IEC 27002:2022 to Prevent Cybercrimes

Ho, Hee Meng, Ko, Ryan, Mazerolle, Lorraine and Miao, Cheng (2024). PRISMA Results for Using Situational Crime Prevention (SCP)-C3 Cycle and Common Inventory of Cybersecurity Controls from ISO/IEC 27002:2022 to Prevent Cybercrimes. The University of Queensland. (Dataset) doi: 10.48610/71aa67b

PRISMA Results for Using Situational Crime Prevention (SCP)-C3 Cycle and Common Inventory of Cybersecurity Controls from ISO/IEC 27002:2022 to Prevent Cybercrimes

2024

Journal Article

Using Situational Crime Prevention (SCP)-C3 cycle and common inventory of cybersecurity controls from ISO/IEC 27002:2022 to prevent cybercrimes

Ho, Heemeng, Ko, Ryan, Mazerolle, Lorraine, Gilmour, John and Miao, Cheng (2024). Using Situational Crime Prevention (SCP)-C3 cycle and common inventory of cybersecurity controls from ISO/IEC 27002:2022 to prevent cybercrimes. Journal of Cybersecurity, 10 (1) tyae020. doi: 10.1093/cybsec/tyae020

Using Situational Crime Prevention (SCP)-C3 cycle and common inventory of cybersecurity controls from ISO/IEC 27002:2022 to prevent cybercrimes

Funding

Current funding

  • 2023 - 2027
    Secure and Ethical XR Based HSE Training for First Responders in Crisis Situations
    CSIRO
    Open grant
  • 2021 - 2024
    Linking Digital Payments to Crime Using Bid Data Machine Learning Tools (ONI NISDRG grant administered by Griffith University)
    Griffith University
    Open grant

Past funding

  • 2024
    Quality Assurance & Testing of Classic A. I. Based Password Assessment Mechanisms
    DETACK GmbH
    Open grant
  • 2022 - 2023
    Algorand Centre of Excellence (ACE) on Sustainability Informatics for the Pacific (administered by Monash University)
    Monash University
    Open grant
  • 2022 - 2023
    Lean design workshop to understand future challenges for horticulture production in tropical and subtropical regions of Australia
    Horticulture Innovation Australia Limited
    Open grant
  • 2021
    Development of quality assurance technologies for meat processing plants
    Innovation Connections
    Open grant
  • 2020 - 2023
    Massive static and real-time datasets for cyber security research and digital competitiveness
    Data 61 - University Collaboration Agreement (DUCA)
    Open grant

Supervision

Availability

Professor Ryan Ko is:
Available for supervision

Before you email them, read our advice on how to contact a supervisor.

Supervision history

Current supervision

Completed supervision

Media

Enquiries

Contact Professor Ryan Ko directly for media enquiries about:

  • AI for Cyber Security
  • Cloud Computing Security
  • Critical infrastructure security
  • Cyber Attack Attribution
  • Cyber Crime
  • Cyber Security
  • Cybersecurity
  • Data Accountability
  • Data Control
  • Data Privacy
  • Data Provenance
  • Data Tracking
  • ICS Security
  • Industrial control systems security
  • Information Security
  • Privacy enhancing technologies

Need help?

For help with finding experts, story ideas and media enquiries, contact our Media team:

communications@uq.edu.au