NASA working on RPA security plan to set unattended bots in motion

Three years into its work with robotic process automation, the NASA Shared Services Center scored some “quick wins” fielding bots to streamline tasks for the agency’s chief information officer and chief financial officer.

Pam Wolfe, the chief of NASA’s Enterprise Services Division, said automation has played a key role in an agency-wide mission realignment to rethink all of its major lines of business.

Now the agency’s shared service center has taken the next step, working through extra layers of security and credentialing to field unattended bots.

So far, NASA has six unattended bots in production and another six going through testing and development.

Advertisement

But to build momentum on this effort, Wolfe said the agency is working on an agency-wide RPA security plan. That plan, she said, will give internal systems administrators all the details they need on an unattended bot’s security vetting, how the bot will access certain systems and what the bot will do with the information it gathers.

Wolfe said last Thursday in a webinar hosted by UiPath that the strategy looks to streamline many of the conversations her office has had with systems administrators when fielding bots.

“There are many systems used across the agency, and when you began an automation using a system for the first time, there’s a lot of a lot of information and dialogue with that system owner to get them confident in the technology, and what the technology will be doing when it accesses their system,” Wolfe said. “It’s been a lot of convincing to let system owners realize that these bots are only doing a user interface just like a human, that you’re not changing the system, they’re not doing anything to the code in the system. And yet, every time we introduce a new system into an automation, we’ve had to go through this again.”

Read more: Technology News

Unattended bots only make up a small portion of NASA’s bot portfolio. Wolfe said her office has 55 total automations in production, 16 in development and another 47 in its pipeline.

The RPA security strategy will also reflect some of the back-and-forth between the officials who field bots, the financial auditors who rely on the bots and security personnel who need insight into what the bots are accessing.

“Auditors really like the thought of unattended bots because they can see that there’s a bot in the environment that’s performing that function. An attended bot uses the credentials of the individual, and therefore you don’t really necessarily realize that there is an automation being performed as those transactions are occurring,” Wolfe said.

However, she said security personnel prefer attended bots because of some of the security issues around unattended bots. And from this back-and-forth with personnel working with the bots, Wolfe said her team has gained new insights.

Auditors, she said, had asked some “valid questions” about how they can validate whether someone has the right credentials to send an email that triggers a bot to begin work. As a result, Wolfe said the bots’ control logs now capture who initiated a process and validates whether that individual had the credential to perform that function.

That added capability, she said, “has gone a step further in validating and then having the comfort level that we are truly managing this from an internal control perspective.”

GSA helps agencies ‘kick the tires’ on bots

Meanwhile, the General Services Administration continues to push out new bots and to help customer agencies get up to speed with automation.

Anthony Cavallo, GSA’s RPA factory lead, said the agency just saw its 48th bot recently go into production. Another 16, he said, are in the pipeline, and 27 bots remain in development.

From end-to-end, GSA’s bot production has three components – a marketing team, an intake assessment and a bot development team.

The marketing team includes expertise from GSA’s Public Buildings Service and Lean Six Sigma experts that help get the word out about RPA to customer agencies.

From there, the intake assessment team determines whether an agency’s can improve its workflows through automation, and answer 20-to-30 questions to help make that determination.

Once a project gets greenlit, the development team keeps the customer agency in the loop with the design of the bot, and helps “kick the tires on the automation.”

“A lot of times when we get into it, the system owners like to be part of that testing as well. They can look on their side of the system [and see] any performance issues as we run the bot, and that kind of gives them further assurance that the bot isn’t really doing anything more than what a human’s doing in there, and there really isn’t that much additional system strain on their platform,” Cavallo said.