SPTIoTCoE Panel – Human-friendly strategies for IoT Security, Privacy, and Trust


Security, Privacy and Trust for the IoT is much more challenging and consequential than Internet security in general. This is due to IoT hyperconnectivity, scale, variations in device interactions, and potential vulnerability of the cyber-physical systems associated with an IoT deployment. In addition, the valuable data collected and distributed in an IoT system have a number of new vulnerabilities. The Internet security and trust management technologies we’ve used over the past years are not up to the task. But, there are a number of powerful new strategies and technologies for SPT for the IOT. These include:

  1. Zero trust approaches and explicit private networks
  2. Edge computing capabilities (Secure Access Service Edge or SASE)
  3. Secure data management platforms
  4. AI for anomaly detection, prediction, and risk management
  5. Digital twins
  6. Scalable approaches for identity and cryptographic key management
  7. Software self-defense in endpoint devices

In order for IoT SPT to scale, “ordinary people,” whether they are consumers or workers, must be able to safely, reliably, and intuitively interact with vast, complex, interconnected systems of IoT devices that use these technologies.

Users should be able to delegate trust and authority with the same level of certainty as when using purely physical, non-connected devices. For both domestic and industrial devices, technologists have a responsibility to provide people with intuitive and simple methods to accurately discern which devices and services can be relied on for their deployments, and what threats they should rationally worry about. This poses the questions:

  • How can we get to a place of relative simplicity of function where the average user has a reasonable understanding of the integrity of their connected devices?
  • How do we adapt these technologies for intuitive use by a greater number of people?
  • In the merger of IT and OT systems, will we require specialized expertise for secure systems administration, beyond the operational management of a given system?

Optimal approaches will depend on the nature of an IoT deployment, but we will discuss the power and effectiveness of each new technology, how they can work together, and how they can be used to tame complexity.


David Maher is EVP and CTO at Intertrust and has over 30 years of experience in secure computing. He is President of Seacert Corporation, the intertrust PKI a certificate authority for the Internet of Things and Co-chairman of the Marlin Trust Management Organization which oversees the world’s only independent digital rights management ecosystem. He was also President of WhiteCryption Corporation, a developer of application security software. Previously, Maher was chief scientist for AT&T Secure Communications Systems, Head of the Secure Systems Research Department, and security architect for AT&T’s Internet services platform. After joining Bell Labs in 1981, he developed secure communications, information vending, and e-commerce systems. He was Chief Architect for AT&T’s secure voice, data, and video products used by the White House and Department of Defense for top-secret communications. In 1992, Maher became a Bell Labs Fellow in recognition of his accomplishments in communications security. Maher holds dozens of patents in secure computing; has published numerous papers in the fields of mathematics and computer science; and has consulted with the National Science Foundation, National Security Agency, National Institute of Standards and Technology, and the Congressional Office of Technology Assessment. Maher holds a Ph.D. in mathematics from Lehigh University. He has taught electrical engineering, mathematics, and computer science at several institutions. Maher is currently focused on the design and development of Trust management and secure systems for Smart Grids.

Dr. Adam T. Drobot is a technologist with over forty years of experience in industry, the public sector, and in research. Today his activities include strategic consulting, start-ups, and participation in industry associations and government advisory bodies. He is the Chairman of the Board of OpenTechWorks, Inc. a company specializing in open source software. Previously he was the Managing Director and CTO of 2M Companies in Dallas, TX, from 2010-2012, and President of the Applied Research and Government Business Units at Telcordia Technologies and the company’s CTO from 2002 to 2010. Prior to that, Adam managed the Advanced Technology Group at Science Applications International Corporation (SAIC). He also served as the Senior Vice President for Science and Technology as part of his 27 years of service at SAIC from 1975 to 2002.
He has published more than 100 journal articles, and is a frequent contributor to industry literature. He currently holds 26 patents. Adam is a member of Several Corporate Boards, and the FCC Technology Advisory Council. He is on the Board of the Telecommunications Industry Association where he has Chaired the TIA Technology Committee. He is the 2007 recipient of IEEE’s Managerial Excellence Award. For the IEEE he has Chaired IEEE Employee Benefits and Compensation Committee, the IEEE Awards Recognition Council, served as a member of the IEEE Awards Board. During 2017 and 2018 he chaired the IEEE IoT Activities Board that oversees the multi-society IEEE IoT Initiative. He holds a BS in Engineering Physics from Cornell University and a PhD. in Plasma Physics from the University of Texas.

Ted DellaVecchia is Founder, CEO and Managing Partner of Symbotix, a strategy management and technology consulting group that inspires and leads digitally-enabled business change. He is also General Manager of Global Business Operations for Devvio – a blockchain software enterprise serving global entities with sustainability and Environment-Social-Governance (ESG) solutions that have positive impact on climate change and a healthy planet. Ted is a proven leader who has delivered durable, step level EBITA CAGR in all executive assignments. Examples include delivering global elements of a corporate turnaround at IBM Corporation; implementing world-wide supply-chains and accelerating market/earnings growth for Starbucks Coffee Company; and restructuring IT divisions and enterprise business capabilities for three multi-billion-dollar BlueCross BlueShield Health Insurance Companies. Since 2007, Symbotix has designed and executed comprehensive reinventions of operational capacities at several academic medical centers and large commercial payors in the domestic USA. While CEO of Symbotix, Ted was recruited to be the Chief Healthcare Strategist at Red Hat Software where he designed and co-founded “LinuxForHealth”; a sub-licensed Linux Foundation Community open-source movement. LinuxForHealth is the kernel of a comprehensive health operating system for manifesting a healthier society through deployment of decentralized and autonomous AI agents that advance a modern-day virtual-health experience for all. Ted collaborates with entities dedicated to instigating a healthier society and saving our planet; performs advisory services for early and growth stage companies; and serves as advisory board member of the IoT Community, Ted recently chaired the IEEE Group Track on Blockchain and AI in Healthcare; is an active investor with early stage digital transformation companies; frequently speaks at industry events promoting symbiotic, ethical collaborations to improve environmental, social, and governance for all; and is an evangelist for promotion of decentralized identity to enable trust in the information sharing domain.

George Young serves as both the Chief Information Security Officer and Chief Technologist, for CB Technologies, specializing in Intelligent Edge Solutions. As a domain expert in networking and cybersecurity engineered solutions, he has a strong background in many strategic and tactical areas around data protection and safekeeping, including: access control, information security governance and risk management, cryptography, security architecture and design, operations security, business continuity/disaster recovery planning, developing/enhancing information security programs, regulations/compliance (e.g., HIPPA, CCPA, CMMC, GDPR, ISO 27000), and audit execution. George has supervised emerging technology initiatives at several start-up companies and Fortune 100 enterprises, across multiple industries – where he held senior level advisory and management positions. He presently serves as a Security Technical Ambassador for an OEM, where he develops technical certification coursework and subsequent exams. He holds a Master of Science degree from Northwestern University in Communication Systems and numerous technical certifications associated with Data Security, Privacy and Trust.

Michael Liljenstam is a Principal Researcher in security at Ericsson Research. He joined Ericsson in 2007, having previously worked mainly in academic research at the Institute for Security Technology Studies, Dartmouth College, New Hampshire, USA, and at the University of Illinois, Urbana-Champaign, USA. His current focus areas are mobile infrastructure security, machine learning and security, and confidential computing. Michael has more than 30 publications in areas spanning network security, software security, and large-scale simulation, and is the inventor or co-inventor of more than 20 patents. He holds a Ph.D. in Teleinformatics (Computer Systems) from the Royal Institute of Technology (KTH), Stockholm, Sweden.