Providing adequate protection for critical infrastructure- electricity, railways, hospitals as well as defense systems- from criminals including cybercriminals has become a priority of many countries in recent times. In that sense, infrastructure security policies of these States have reflected adequately measures which ensure full protection of critical infrastructures. The architecture of these policies dovetails technology and military strategies to guarantee maximum results.
Though this practice is not prevalent in developing countries, they have gained significant traction owing to the debilitating effects that not having a well-engineered infrastructure security policy could result in.
Moreover, the emphasis on critical infrastructure is because of the severe consequences a nation suffers when such infrastructure gets hacked down. Again, critical infrastructure systems do have a high degree of vulnerabilities making them an easy target of miscreants.
Often, attacks come in different forms- physical or cyber, and they are either carried out from within or from outside a sovereign jurisdiction. In advanced countries where government systems and services are fully digitalised and interconnected, systems attack(s) of any form has direr effects than in a less connected/digitalised Countries. That notwithstanding, attacks of any kind on any nation’s critical infrastructure are troubling and demands swift attention.
Grid attacks are not new. In 2015, Russia through its superior cyber capabilities hacked down the entire national electricity grid infrastructure of Ukraine [Ukraine Power Hack explained] resulting in the total shutdown of the heating system of major hospitals, schools and critical institutions. The pain inflicted on the affected citizens were excruciatingly shameful. That action also resulted in a colossal economic cost to the Ukrainian economy. Recently, in Venezuela, the national electricity network was also hacked down resulting in over a week of nationwide blackouts. This too was a cyberattack. Fortunately, the Venezuelan authorities were able to arrest six suspects who were alleged to have masterminded such gruesome act.
Regrettably, several grid attacks (physical or cyber ones) do occur daily around the world. Many notably, the cyber ones which are carried out through system phishing or malware are often averted. Physical attacks are rare because of the high potential of personal injury one could suffer for doing that. It is on this premise that I see the recent physical attempts at hacking down of Ghana Grid Company’s (GRIDCo) pylons as something severe and passes as a national security threat.
GRIDCo discovered sometime last week, that a number of its high tension infrastructure which transmits electricity has been attacked through corrosive chemical bathing. The acid bathing method is often employed to induce significant corrosion and by that cause the holding bolts and nuts to fall off after a slight force is applied to them. It is a physical activity carried out by rogues to disrupt transmission systems for political or/and economic reasons.
GRIDCo is an indispensable player in the electricity value chain of Ghana. It is a monopoly created by the central government with the responsibility for transportation of electricity from the various production sites including the Volta River Authority(VRA)- the biggest power producer in Ghana- to the Electricity Company of Ghana (ECG) [new Power Distribution Services (PDS) Limited], for distribution to the end users. Any blip to GRIDCo’s activities affects the entirety of the utility value chain and by extension the general public and also the West African countries who depend on Ghana for the supply electricity under the West Africa Power Pool (WAPP).
It is currently not known how widespread the acid bathing is and that in itself is a significant worry for the managers of the power sector as well as the security leadership. Moreover, many of the pylons are located in areas way off residences. In such locations, citizens’ supervision is weak. The rate of susceptibility of pylons located in these areas is high. GRIDCo’s assurance of reinvigoration of its security structures across the country to forestall similar occurrence is reassuring and comforting.
However, we cannot slack as additional measures are needed to reinforce system assurance. One such measure is for GRIDCo to immediately deploy drones as an alternative tool for the monitoring of the transmission lines across the country. There will also be the need to conduct a physical audit of the entire transmission systems across the country to reinforce the confidence level of the system to avert surprises.
At the same time, monitoring systems of GRIDCo need to be looked at again as we seek to attenuate the physical forms of harm to critical electricity infrastructure permanently. There is the need for a mixture of monitoring tools including digitalised systems, physical patrols, restricting access to major high tension areas, as well as utilising local area informants. Having such a combined monitoring system will inevitably impact positively on the monitoring of the critical infrastructures of the company. The benefits of such a multi-pronged approach are enormous. They also can serve as cyber monitoring tools.
Perhaps, the most crucial activity the Energy Ministry must conduct is the development of an Energy Sector Security Plan (ESSP). The ESSP is vital because of the critical nature of the sector for economic development and the preservation of our internal security. The plan must look at all the possible security concern areas; cyber, marine, physical as well as above ground threats and all other potential areas that pose risks to our energy infrastructure.
It must identify new risks, ageing infrastructure and general challenges of the sector, the opportunities and must lead to the strengthening of the resilience of the utilities. The plan must also institute protocols for the mitigation of threats as and when they occur and must cover all the utilities and all institutions whose activities impact the sector. The plan also must have in it an integrated risk Management framework to manage the key risks of the sector.
In the end, when there is no electricity, the end user (households and industries) suffers the most. There is the need, therefore, for us all to be good citizens by playing our rightful roles in the development of our beloved Republic. Our responsibility of protecting the Republic’s properties is sacred, and we must ensure we keep this creed to the latter. After all, individual interest is the interest of the State!
Author: Henry KYEREMEH | iWatch Africa | Email: firstname.lastname@example.org