By Laudia Sawer, GNA
Tema, May 14, GNA – The Public Utility Workers’ Union (PUWU) has said that the Electricity Company of Ghana (ECG) ICT department has been at the forefront of digitalizing revenue collection for decades.
PUWU said this was contrary to Vice President Dr. Mahamudu Bawumia’s accusation that the ECG staff sabotaging the government’s efforts to digitalize power revenue collection.
He said this during the Annual General Meeting of the African Anti-Corruption Agencies in Africa on May 9, 2024.
Responding to the accusations, a statement issued by PUWU and signed by Mr. Michael Adumatta Nyantakyi, General Secretary, and copied to the Ghana News Agency (GNA) noted that “the ECG ICT department has been at the forefront of digitalizing revenue collection for decades, a fact that seems to have been overlooked.”
It added that the department already spearheaded the digitalization of ECG payment systems with the roll-out of the ECG Power App and USSD (*226#) services dating back to July 2016.
PUWU stressed that the accusations of sabotage and resistance to digitalization are not only unfounded but also damaging to the morale and reputation of their hard-working members.
Responding to the specifics of the sabotage accusation, the union stated that the sophisticated ransomware attack attributed to internal sabotage has been proven to be the work of an international cybercriminal group (Lockbit), which further exonerates our members from such erroneous claims.
It added that in September 2022, the Economic and Organised Crime Office commenced a forensic audit on the ECG Power App and therefore demanded the payment platform architecture, databases, Application Programming Interface (API) documentation, and the power app custom source code, including credentials to the back-end prepayment systems.
“EOCO did not use its internal staff but had to use third-party IT professionals for the assignment. Consequently, it was not only ECG IT staff who had access to the ICT infrastructure of ECG. Could the sharing of the source code with external parties’ compromise ECG network security in relation to the scale of the September 2022 attack?” PUWU questioned.
The Union further revealed that “the first ransomware attack occurred on September 28, 2022, which took a wide scope, prompting the need to report the incident to the Cyber Security Authority, as required by regulation. The National Security thereafter took over the ECG ICT system as the attack was seen as a threat to national security.”
It added that in the midst of the takeover, the second and most severe of the ransomware attacks occurred on November 11, 2022, when, at the time, the National Security personnel had both full physical access and software administrative rights to all ECG systems, noting that the National Security arrested and detained some ECG ICT staff for days but were later released.
“We wish to state that it was the ECG ICT staff who used their system recovery strategy and worked tirelessly day and night to restore the systems and even assisted the National Security operatives on how to operate the ECG systems. The ECG ICT staff led the recovery effort with the support of the E-crime Bureau, a cyber security firm, invited by the ECG Board.”
The statement added that during the attack, personnel of the National Investigation Bureau launched an investigation into the incident, but no conclusive report on the matter has yet been heard.
Touching on revenue collection, the union stated that ECG’s financial performance is a matter of public record, as indicated in the company’s 2019 Annual Report, noting that the average monthly revenue for the period 2017 to 2019 was around GHS532.7 million, while in the 2023 SIGA-ECG Performance Contract, the average monthly revenue was GHS631.3 million as of early 2022.
GNA