An International Expert in Information Security, Professor Godfried Williams, has advised the Electricity Company of Ghana (ECG) not to rule out cyber attacks on its system.
He noted that the disruption of services clearly showed that the ECG did not have a robust cyber resilient plan in place to respond to attacks of such nature.
In an interview last Sunday on how the ECG could secure its system, Prof. Williams — who is the Chief Executive Officer (CEO) of Intellas, an IBM Business Partner — said with a resilient plan in place, the ECG could have still provided services to clients despite the attacks.
Breaches
Giving further details, Prof. Williams said the cyber breaches could be caused by internal or external sources.
He explained the idea that it could come from outside might not always be the case because there might be attackers who operated internally.
“But the only thing which is obvious is that there is a denial of service, which means that the systems have been attacked.
“The way out is to prepare ahead, but in situations that you are not prepared and it happens in real time, you need to face the consequences like what we are seeing with ECG today,” he said.
Key actors
The information security expert said the problem was no longer a wholly ECG burden, emphasising that there was the need for the involvement of all key actors to solve the situation.
That, he said, was because when attackers succeeded in their quest in a particular country, the trend was that they made several efforts at others because they could see more vulnerability in the system.
“And so, this may be just the beginning, and we need to brace ourselves and prepare ahead,” he stated.
Protecting threats
To protect against the threats, Prof. Williams said there should be collaborative efforts among businesses, institutions, experts and regulatory authorities in the cyber space to create an enabling environment that would help them guard against vulnerabilities to cyber attacks.
He explained that the collaboration should precede the creation of a robust cyber security ecosystem that thrived on consistent engagements among relevant stakeholders and championed by the Cyber Security Authority (CSA).
Prof. Williams said recent instances of attacks demonstrated the necessity for industry-wide collaboration to fight against the threats.
The attacks, he said, often had significant impacts with regards to financial losses to the affected entity and its clients, and so it required firms to build cyber resilience.
He added that in building cyber resilience, firms needed to anticipate, predict, detect and protect their key infrastructure from attacks.
Background
Many homes in the country have been plunged into darkness after the ECG’s prepaid metering system failed to render services to its consumers from Monday, September 26, 2022.
According to a press statement issued by the ECG on Wednesday, September 28, 2022, the electricity distributor admitted to experiencing technical challenges which had affected prepaid metering systems, thereby interrupting the vending of prepaid electricity credit across the country.
“Affected customers should please note that our ICT team is working assiduously to correct the anomaly and restore the system to normalcy,” the statement said.
However, five days after the issue of the statement, consumers were still reported to be stuck in darkness as they were unable to load power credit to their prepaid system.
Source: Graphiconline