OMB guidance dating to 2018 encourages the use of bots for routine tasks such as to copy data, fill in forms, sign into applications, and send emails. Image: sdecoret/Shutterstock.com
In a report whose findings could apply to agencies in general, the inspector general’s office at the GSA has warned about new security risks arising from the agency’s adoption of robotics process automation.
“While RPA offers significant benefits, bots pose unique risks to GSA’s systems and data. Bots can perform thousands of read, write, and deletion actions at high rates of speed. This can make it difficult to identify logic and processing errors—and their associated consequences—before serious damage is done,” it says. “For example, a bot could erroneously delete or overwrite thousands of records before GSA could even identify that an issue has occurred.”
“Because bots have access to extensive amounts of data, including sensitive data, they can pose significant security risks arising from potential data exposure. Additionally, bots interact with existing GSA systems, making it critical to establish a robust RPA security environment to protect the bots, the data they interact with, and the Agency’s systems,” it adds.
The GSA, however, “did not comply with its own IT security requirements to ensure that bots are operating securely and properly”; “did not consistently update system security plans to address access by bots”; and “did not establish an access removal process for decommissioned bots, resulting in prolonged, unnecessary access that placed GSA systems and data at risk of exposure,” it said.
GSA among other agencies has been turning to increased use of such software application under OMB guidance dating to 2018 encouraging them to use bots for routine tasks such as to copy data, fill in forms, sign into applications, and send emails—freeing employees from those responsibilities for higher-level work.
The report is the latest in an emerging series from various IG offices looking at the implementation, including one from last year finding that the GSA lacked evidence behind the savings it has claimed. The GSA was using only estimates rather than actual results and further was not tracking the costs of installing and operating the bots, at least three-fourths of which resulted in no cost avoidance, it said.
Also last year the IG at HUD found that robotics process automation there is “not efficient or effective” and has “provided minimal value,” while a report on the SSA found that agency lacks the data to identify the processes and workloads where the benefit would be the highest and “has yet to determine whether bot use results in net cost saving.”
Key Bills Advancing, but No Path to Avoid Shutdown Apparent
TSP Adds Detail to Upcoming Roth Conversion Feature
White House to Issue Rules on RIF, Disciplinary Policy Changes
DoD Announces Civilian Volunteer Detail in Support of Immigration Enforcement
See also,
How Do Age and Years of Service Impact My Federal Retirement
The Best Ages for Federal Employees to Retire
How to Challenge a Federal Reduction in Force (RIF) in 2025
Should I be Shooting for a $1M TSP Balance? Depends…