Defense agency surmounts ‘big’ security challenge for robotic process automation

A successful proof of concept should pave the way for widespread government use of unattended bots to perform routine tasks and processes, according to an agency official.
(Getty Images)

The Defense Logistics Agency has finished a robotic process automation proof of concept that’s the first of its kind in government, allowing unattended bots to operate around the clock.

RPA is software that mimics the keystrokes and mouse actions of workers to automate transactional tasks and processes — like moving name and location information from a spreadsheet to an enterprise resource planning (ERP) system. DLA estimates RPA will save its employees about 50,000 hours in its first year by taking over routine functions.

But until now, most agencies have used attended bots given credentials from the laptop of the person they’re working with — as long as they’re on the clock.

“We want bots to run 24 hours a day,” John Lockwood, RPA program manager at DLA, told FedScoop. “And we need the bots to have access when the individual isn’t there.”


But for the last 10 years, “we’ve been anti-bot,” Lockwood added.

Office of Management and Budget memo 18-23 and President Trump’s proposed 2020 budget proposal direct agencies to use RPA, and Federal CIO Suzette Kent has launched reskilling efforts to address the impacts of automation on the workforce.

The Department of Defense relies on public key infrastructure (PKI) to verify that an employee is accessing its network, and some sites are common access card (CAC) enabled. Other agencies use personal identity verification (PIV) cards instead.

The IT had to be tweaked so unattended bots could make use of PKI to access CAC-enabled sites — a “big challenge” that took nine months to surmount, Lockwood said. Essentially, the bot had to be duplicated to have its own persona and access.

On May 6, DLA successfully had an unattended bot run on its own certification by reaching out to the agency’s ERP system, where it has an account, to receive its own credentials granting it access. The use case involved UiPath’s RPA platform and SafeNet’s hardware.


The proof of concept paves the way for full implementation of RPA across agencies, which can choose to use an unattended or attended bot based on the work.

“Not only are we replacing processes with robots, but new processes are coming on board,” Lockwood said.

DLA automated five processes in six weeks to help handle all the data associated with standing up G-Invoicing, the Department of the Treasury’s solution for money transfers between agencies.

The agency also created a bot to clean up spreadsheets so names of employees are standardized during onboarding and computer access can be more easily granted.

RPA will help DLA respond to audit requests because, when a bot grabs information, all the steps are logged with time stamps, Lockwood said.


Lockwood said a lot of agencies have created attended bots using individuals’ CACs. DLA intends to release a white paper in the next couple months allowing those agencies to use its RPA solution to operationalize unattended bots and will be sharing use cases and code, he added.

Long term, DLA is looking at areas where getting information was “just too human intensive” but a bot could do the work cheaper and with faster computing power, Lockwood said.

“Finally, we expect to see bots be a tool to utilize our management system and to utilize future artificial intelligence,” he said.

Latest Podcasts