The agency claims that robotic automation is unable to delete or overwrite large amounts of data without being noticed.
The Inspector General of the General Services Administration (GSA) issued a report that stated the robotic process automation (RPA) program is potentially vulnerable to security risks. The report stated that GSA had not adhered to IT security requirements necessary for the secure operation of bots. the identified Issues included failure to update system security plans to account for bot access and the removal or modification of essential security requirements. The administration was advised to follow an executive guide meant to establish a secure framework for RPA programs.
In response, the GSA contested some of the inspector general’s findings, stating that existing controls make it “technically impossible” for a bot to delete or overwrite large amounts of data unnoticed.
“We do not entirely agree with the findings,” the agency stated. “Because there is no federal guidance, as the agency has expanded to the size and scope of the RPA program, GSA has intentionally iterated on our security protocols to address new and emerging challenges in this novel space and is developing the security playbook that is being broadly leveraged across the government. GSA operational processes and capabilities have avoided any RPA-related security incidents to date.”
As the Lord Leads, Pray with Us…
- For Deputy Inspector General Robert Erickson as his office evaluates and reports security concerns within the General Services Administration.
- For Administrator Robin Carnahan and IT officials within GSA as they consider the information security concerns raised in the inspector general’s report.
Sources: FedScoop, Oversight.gov
