Nunavut IT department modernizes infrastructure to improve security posture
After a system outage was discovered one morning in November 2019, the Government of Nunavut’s (GN) IT team confirmed a terrible suspicion — their network had been successfully penetrated by a ransomware attack.
Files were encrypted at the desktop and server level, and operating systems were also compromised. As critical parts of the OS started to fail, some of the servers shut down.
“In order to prevent further spread, we did a full shutdown,” recalls Nathaniel Alexander, manager of network operations.
Nunavut’s IT infrastructure, headquartered in Iqaluit, comprises a series of data centres supporting 25 communities across the territory. The shutdown prevented the malware from spreading further, but then came the task of safely starting the restoration process using data back-ups.
Martin Joy, director of information and communications technology, says he was aware of previously attempted ransomware attacks, but they were localized to a workstation. “This was something we hadn’t seen before with the lateral movement and attack methods. This was a little more comprehensive than what we’ve seen in the past.”
Rather than rebuild using their existing infrastructure, the GN IT department took the opportunity to start over with something more robust.
They contacted Microsoft, one of their existing vendors, and called in the company’s Detection and Response Team (DART) for support. The GN IT department was already working with cybersecurity firm Mandiant, which conducted an early investigation and root cause analysis of the attack. A DART team of four arrived in Nunavut several days later and set to work.
“We had to have a discussion around pain points,” says Joy. “We worked directly with the DART team and looked at all aspects of our infrastructure.”
During the days of downtime, the IT team relied on phone and fax to communicate. The first priority was getting communications up and running.
“By the end of the fifth day, we had email communications flowing again and every employee that was in the GN had access to email,” says Alexander.
The GN IT team worked with Microsoft to move from Windows 8 to 10, upgrade to a cloud-based infrastructure, and adopt solutions including Azure Sentinel, Azure Active Directory and Microsoft Cloud App Security.
“We were able to modernize all of our infrastructure, all of our servers in the span of that week and a half engagement,” says Joy. “It’s a single pane of glass, but it’s more than that, because now we’re getting threat intelligence.”
There have been no major attacks against GN’s IT infrastructure since 2019, says Joy, and the IT department has maintained its vigilance.
“Defence in depth is something that our teams are very aware of now — there are multiple layers of defensive tactics put in place. We have full visibility in our infrastructure,” he says. “Our goal is to be modern and up-to-date. There can be no compromises on how we secure the environment.”