Amy Robertson’s mission to study, dissect and defend against key cyberthreats knows no borders, whether she’s building a repository of tools to help defend U.S. election infrastructure or collaborating with foreign allies to help boost their security posture.
A senior cyber security engineer at Mitre Corporation since 2018 — and now also its cyber operations lead — Robertson helped U.S. state and local officials ensure election integrity and defend against misinformation in the summer and fall of 2020 by playing a key role in the curation of tools, data and content for an online repository of election security resources.
Robertson served as manager of the election resource website, continually updating an array of offerings, including links to assessment services, intel reports, tips and more related to four critical areas: cybersecurity, data sanitation/hygiene, misinformation and process/procedure.
“We leveraged key resources from across government, academic and non-profit organizations committed to election security and integrity…to enable election officials across the nation to quickly survey a landscape of offerings, assess their capability gaps, and rapidly address their prioritized challenges to enhance election integrity and security,” said Robertson.
Robertson has also conducted threat intelligence research on electoral infrastructure, as well as on threats to non-traditional systems and multi-platform environments. For instance, said Robertson, “I developed an approach to provide visualizations of multi-platform complex attacks to enhance understanding of adversary tactics, techniques and procedures across platforms (IT, intermediary, OT) and supported an effort to build comprehensive mappings of sub-system connections paired with potential adversary attack paths to inform risk assessments.”
On the international front, Robertson has been collaborating with international partners through Mitre's Cyber Capacity-Building program, which, in Robertson’s words, “advises and facilitates Department of State efforts to provide resources for countries to identify, prioritize, and implement cyber capabilities that support their national missions and goals.” She also previously performed similar work through support of the Department of Homeland Security.
According to her nomination, Robertson has provided guidance to foreign states with regard to “establishing cybersecurity standards, countering cybercrime, promoting a free and open internet, improving governance, and creating mechanisms for greater security and defense cooperation among like-minded partners.”
“Given the borderless, global nature of cyberspace, expanding cybersecurity capacity is not only in the interest of individual countries,” but of the entire globe, said Robertson. After all, “vulnerabilities in one country can quickly impact others, and fostering resilient systems is crucial to national security” everywhere.
Robertson told SC Media that her international work has included conducting regional and nationwide cyber assessments, facilitating information and intelligence sharing, conducting incident response exercises and developing phased cyber maturity approaches “to enhance eventual whole-of-government cyber posture.”
More specifically, her efforts toward intel sharing have included “examining some of the barriers and impediments to sharing, and assessing approaches for CTI development and maturity.” This is important because intel-sharing partnerships “are crucial to our ability as a country to respond quickly and effectively when cyber events occur,” she said.
As an official MAD (Mitre ATT&CK Defender) professor, Robertson developed the first round of content for the educational online training and certification service. This included crafting and narrating bite-sized briefings for the ATT&CK Cyber Threat Intelligence course, which were viewed by more than 10,000 cyber professionals within the first three months of their publishing.
“Our goal for this training is that users will be able to leave with the ability to either operationalize ATT&CK for their specific CTI use cases, or if they’re already leveraging ATT&CK for threat intelligence, enhance their current efforts or program and further integrate ATT&CK into their operations,” said Robertson.
Among other notable achievements, Robertson also “developed a cross-technology attack kill chain diagram of the Triton [ICS] attack” and “advised on a methodology to assess systems-of-systems using the ATT&CK Framework,” the nomination states.
The nomination also notes that Robertson participates in Mitre’s Women Lead program, and acts as a mentor and adviser to other women within the organization.
“I’ve made an effort over my career in cyber to support other women by campaigning on their behalf, offering support when needed, or [acting] as a career adviser,” said Robertson. “Our unique perspectives as women can lead to the best solutions — especially when we push boundaries. At Mitre, I’ve contributed to recruiting efforts and recently completed a program focused on providing women with the tools they need to grow as leaders, to navigate challenges throughout their careers, and to elevate other women.”