The Cyber Edge Home Page

  • The Defense Information Systems Agency (DISA) is developing robotic process automation solutions to automate some computer security authorization processes, which will reduce workloads and offer efficiencies to warfighters, such as to the airmen from the 4th Communications Squadron at Seymour Johnson Air Force Base, North Carolina, who are responsible for authorizing and supporting about 7,000 computer users at the base.  U.S. Air Force photo by Airman 1st Class Kimberly Barrera
     The Defense Information Systems Agency (DISA) is developing robotic process automation solutions to automate some computer security authorization processes, which will reduce workloads and offer efficiencies to warfighters, such as to the airmen from the 4th Communications Squadron at Seymour Johnson Air Force Base, North Carolina, who are responsible for authorizing and supporting about 7,000 computer users at the base. U.S. Air Force photo by Airman 1st Class Kimberly Barrera
  • Airman 1st Class Tristan Williams, USAF, 4th Communications Squadron, communications focal point client systems technician (left), and Timothy Leineke, computer support technician for the squadron, examine ways to remotely add computers to the network at Seymour Johnson Air Force Base, North Carolina, in September 2020. DISA is developing robotic process automation solutions to aid such security authorization processes, saving time and workloads.  U.S. Air Force photo by Airman 1st Class Kimberly Barrera
     Airman 1st Class Tristan Williams, USAF, 4th Communications Squadron, communications focal point client systems technician (left), and Timothy Leineke, computer support technician for the squadron, examine ways to remotely add computers to the network at Seymour Johnson Air Force Base, North Carolina, in September 2020. DISA is developing robotic process automation solutions to aid such security authorization processes, saving time and workloads. U.S. Air Force photo by Airman 1st Class Kimberly Barrera

Demand Jumps for Robotic Process Automation at DISA

The Cyber Edge
October 1, 2021
By Kimberly Underwood
E-mail About the Author

The agency’s Emerging Technology Directorate looks to deploy it on a bigger scale.


The Defense Information Systems Agency is embracing robotic process automation, and it is implementing several steps. The agency is training a cadre of developers, and it is also creating a platform and code library and establishing practices and methods—all to internally improve how it delivers robotic process automation across the agency. By using automated software robots, or bots, that can perform rules-based processes, the Defense Information Systems Agency (DISA) aims to reduce the workload for humans that conduct repetitive tasks across the agency’s financial, public relations, procurement and other offices.

DISA’s Emerging Technology Directorate, whose role it is to examine and develop advanced capabilities, is beginning to build the robotic process automation (RPA) solutions, reports the director of the Emerging Technology Directorate, Stephen Wallace.

“We’ve jumped into robotic process automation,” says Wallace. “Inside the Emerging Technology Directorate, we’re working to build an RPA practice for the agency, concentrating on a lot of internal processes that need automating, and trying to take that human repeatability aspect out of things. We are still in the early stages with this, probably just between crawling and starting to walk. So, the scale isn’t all that large yet, but the interest from the agency is tremendous. As we are standing this up, we currently have much more demand than we have capability to deliver on. It’s great, because we see it growing pretty rapidly. We are just starting to scratch the surface.”

The directorate’s initial focus is to validate the time and cost savings that RPA can offer. “Right now, we are using our internal resources within the Emerging Technology Directorate to stand this up and demonstrate value,” Wallace says. “That is the initial goal. If we can demonstrate value, then funding typically becomes an easier discussion at that point. We haven’t gotten that far, but this is what our directorate is built for.”

RPA is most known for enabling efficiencies in business or so-called back-office processes, and the same is true for some of DISA’s early automated applications in the procurement office and the chief financial officer’s (CFO’s) department, Wallace notes.

“We are really looking at a lot of the back-office processes across the board, whether that be in our procurement directorate and the way that they develop some of the procurement packages and processes,” he shares. “Our financial organizations within the agency actually have been using RPA for a number of years. They’ve seen dramatic increases in productivity with person-hours cut just by the optimization that RPA brings to the table.”

Another organization that is applying RPA is DISA’s Public Affairs department. Long gone are the days of using scissors and tape to cut clippings from newspapers and magazines in tracking news coverage of DISA, but even the requirements in more recent days of staff searching the Internet for articles about the agency takes time out of every day. As such, the directorate saw an early use case for RPA to speed up and lighten the public affairs team’s workload, Wallace says.

“Our public affairs office produces a ‘DISA in the News’ email every day, which goes out to the senior staff,” Wallace explains. “It takes someone about two hours a day to put that together. They go and scour the web and bring together a number of different articles and clean it up and share it with the staff. Now, we’ve got that process cut down to about 30 seconds. That is a dramatic time savings. And that was, frankly, a fairly simplistic bot, one of our first ones that we used to ‘dip our toes into the water,’ if you will. It is those kinds of gains that we are seeking, where you are taking some of these repetitive tasks and you’re able to just crank through it.”

RPA is a welcome addition in place of other traditional processes, such as when applied to circuit billing management, Wallace continues.

“One of the other bots that we are still in the early stages of working on is for a lot of our circuit management, where we are looking at the costs of circuits or the billing,” he states. “The expected billing and the actual billing sit in two different systems. Right now, it is incumbent upon a human to bounce back and forth between the systems, making sure that the numbers match the circuit ID [identification] and everything marries up. The human does their very best to do that efficiently and effectively, but you do run the risk of numbers being transposed or something being missed or maybe one line is off. A bot, however, will do it the same way consistently. So long as the bot is built well, you’ll get the same result every time in a very repeatable manner.”

In addition, the agency is beginning to apply RPA to its security authorization processes. “Another example is where we have our authorizing official, our senior security person who authorizes systems and users to be on the network,” he adds. “You submit your security package when you stamp a new system and then a person goes and reviews that for completeness to make sure that all the elements are there.

That takes time on the part of that authorizing official’s office, to scan the documents to make sure everything is complete.”

Wallace acknowledges that the application of software automation to DISA’s security authorizing processes is a more complex use of RPA, “but that is one of the areas that we want to shoot for as well,” he notes. “It gives the authorizing official a better package in the end, and then the program gets a quicker turnaround.”

And as is necessary with any move to a new technology, the agency has had to address the initial cultural shifts needed for greater trust in and adoption of RPA, Wallace states. It helps to look for an amenable group of early adopters, and it works even better if the technology, when successfully applied, will directly reduce their workload.

“Thus far, it’s been really well received,” he offers. “But we specifically targeted some folks that we knew were more forward-leaning, who would be more receptive to newer technologies. We worked with them to introduce the capability and walk through it.”

The directorate learned from the CFO departments’ earlier experience with computer automation capabilities. “When our CFO’s office adopted RPA a few years ago, they saw the same thing,” he observes. “The folks that were forward-leaning, they were all in. They saw the value of minimizing the repetitive processes. Then there are others that culturally you have to show and prove it to, and then they’ll come around. Inevitably, you are also going to get some folks that are maybe a little bit more resistant. They are worried that the automation will disrupt their work or potentially create larger problems. These are the ones that over time you just continue to demonstrate the capability to, as you don’t want to force it upon them, but you can typically bring them around.”

The directorate’s team also learned that they needed to enhance the way in which they worked with DISA organizations to identify RPA needs, as part of the so-called discovery phase, Wallace explains.  

“The way that we view the discovery phase when working with the organizations [has improved],” he states. “Before, we were asking the organizations to tell us, ‘How do you do X, Y and Z,’ and expecting them to fill out some forms and basically create the guidance for us that we would then work off. What we’ve actually learned to do is to have one of our teams sit with the organization that is requesting the bots. We have a [Microsoft] Teams [video] meeting and then we record the session using screen sharing. And we have them walk us through the efforts so that we can see in real-time the way that they have to interact with their system. What we can do from there is take that back and analyze it, walk step-by-step through the processes and then start building the bots. It has made us a lot more efficient.”

As far as other Defense Department organizations that the directorate has turned to for advice, Wallace lists the Defense Logistics Agency, or DLA, and the Army Corps of Engineers as their top resources in figuring out how to build and operate effective bots, as well as how to manage the cultural side of the emerging technology adoption.

“There is a lot of good work with respect to RPA going on in the [Defense] Department right now,” he offers. “DLA is probably the furthest along with respect to their RPA abilities. We’ve met with them a number of times to try to glean as much as we could from them, and they have taught us several things that have gone into our development work. And we are working with the Army Corps of Engineers’ Advana team. We are actually leveraging their platform in order to get this done. We are trying to leverage as much from the department as we can, versus trying to plow brand new ground.”

The goal of the directorate is to have RPA solutions, the code library and other bot infrastructure up and running within the next year, and then they will likely move the capabilities elsewhere within the agency, Wallace says. “It won’t live forever within the Emerging Technology,” he offers. “We are just trying to launch it.”

The directorate also is considering how other technologies could fit in with RPA, particularly artificial intelligence or machine learning. “In the industry, RPA is generally regarded as a sort of stepping stone to AI [artificial intelligence],” Wallace continues. “You can actually start to have the bot make decisions a bit more intelligently based on the feedback that it is getting from the application that it is interacting with. We’re not there yet; maybe in the next year or so we will see more advancements toward that end. We haven’t started to dabble in the AI implementations of RPA yet.”

In addition, Wallace’s RPA team is unveiling a rapid patch prototype that has an RPA component, which they created in conjunction with the Defense Innovation Unit. “We are exploring ways in which we can patch the systems more quickly than with our traditional methods,” he states. “Then we want to be able to validate the fact that the patch actually worked and worked well. The RPA component comes in after the patch is applied, to perform the component testing, the post-patch testing, if you will, to validate that the patch didn’t break anything within the system, and that it was properly applied.”

And while creating RPA capabilities is a newer endeavor for the agency, its development is certainly achievable, and Wallace encourages other agencies to consider RPA. “It is a different software, and it sometimes is a different way of thinking,” he offers. “But what we are finding is that people with general scripting skills can adapt very quickly and can become bot developers reasonably easily. It is not a very heavy lift for an organization.”

See also:

DISA Applies AI to Network Defense

Making Sense of Intelligent Bots

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Departments: 

Share Your Thoughts: