Robots do not have a hidden agenda. They don’t have any ill intent to do anything harmful or suspicious. But the reality is that robots are developed and used by people, and these individuals can make mistakes or have ulterior motives.
Governments need to ensure that protections are in place to prevent unauthorised users from accessing robots. One way they can do this is by creating a clear log of all automated actions.
Kevin Mooney, Global Security & Compliance Lead at UiPath and Matthew Tan, Presales Leader, Southeast Asia at UiPath, share the best methods for building robots that will deliver secure services for citizens.
The risk with robots
The primary use of robots is to move data from one system to another, reducing the amount of manual tasks for government staff. But security vulnerabilities can arise when agencies fail to validate the systems where data is being transferred, highlights Mooney.
Hackers could be in charge of an unvalidated location for government data transfer, he warns. Because robots do things automatically, they may not necessarily know that this is a security risk.
Another challenge is that auditing the behaviour of robots can be difficult. It is challenging for humans to conveniently view a robot’s actions when they are not labelled accurately, it’s systems are complex, or it is spread across multiple machines, Mooney says.
It also “ends up being hard to keep track of” user accounts whether they are in cloud security or regular IT. If staff lose the password or they become compromised, these accounts offer hackers an opportunity to gain access to sensitive data.
3 steps for safer robots
Think of cybersecurity as traffic rules. Preventive measures are like stop lights or speed bumps, and can stop unauthorised activity. And if an individual does break the rules, detective systems act as the “police officers who give a ticket”, Mooney says.
The first step for safer development is implementing detective systems to ensure robots are functioning as intended. These systems will analyse a bot’s previous actions, making sure that its behaviour follows the set plan, he explains.
Detective systems will also inspect the IT structure, making sure unusual activity is flagged for security teams to follow up on. These activities include robot users on unauthorised machines, or multiple failed login attempts, Mooney notes.
The second step is analysing the code used for robot development. This will help identify common mistakes that humans make in creating code, ultimately reducing the overall number of security vulnerabilities, he continues.
The challenge, however, is that it can be hard to find talent with experience in analysing code for robots, Mooney shares. UiPath offers tools that make robotics code easier to analyse, so agencies can still make sure they are built safely.
The third step is taking account of who is developing the robots and where. Regular users shouldn’t be given the ability to interfere with robot development, for instance, he says.
Robots should also be built in a secure location. Government agencies must identify whether the development is happening on a separate network for example, and whether this meets the requirements of their security framework.
Finding solutions and building the right talent
As public agencies increasingly turn to robots to lift workloads, they should take the same precautions as they do when rolling out new digital tools. No government would release a digital tool without first reviewing its code or testing it rigorously, Tan says.
For agencies that are new to robots, UiPath shares advice on how other governments have adopted robots, and can pass on their expertise on how to create seamless services.
For agencies with more experience with robots, UiPath can help integrate AI and expand its uses. Its experience working with a broad range of organisations can help to tackle particularly tricky processes, Mooney highlights.
UiPath also helps the workforce who will use these systems. Government staff will be encouraged to learn more about robots and then apply these skills in their departments through a Centre of Excellence.
The Centre of Excellence is a body within the government organisation that can give advice and act as “champions of the automation process”, explained Tan.
Robots offer a boost to workplace productivity and efficiency in government. But without the right protections, they become valuable resources for hackers. Creating a system of thorough checks and finding the right support will help governments to keep their robots secure.