When a ransomware attack shut down computer systems at the Government of Nunavut, Canada’s largest and northernmost territory, the IT team responded with a well-coordinated strategy. But its isolation and the challenges of a harsh climate complicated technology environments, and the team wanted a coordinated toolset. It worked with Microsoft’s elite cybersecurity DART team to rebuild its network and 5,500 devices while also rolling out security solutions—including Microsoft Sentinel and Microsoft Defender for Cloud Apps—all in just weeks during an Arctic winter.
“With the new Microsoft security tools, we have end-to-end visibility and the data we need to make the best decisions at the right time. It’s been transformative.”
Martin Joy, Director of Information and Communications Technology, Government of Nunavut
Nunavut is a land of extremes—it’s Canada’s largest Territory, nearly as big as Mexico—and encompasses three time zones. Canada’s lowest temperatures are unfailingly recorded there. Yet Nunavut boasts a vibrant, if sparse, population. Home to the traditional Inuit people for millennia, today this land features a college, several Arctic research stations, and sustains a mining industry.
Based in the capital city of Iqaluit, the Government of Nunavut (GN) IT department supports users in 25 communities across the vast area. It deflects thousands of attacks a week, but on a frigid November morning in 2019, one such attack got through. With a close-knit team and concentrated support from Microsoft and other security vendors, the GN recovered. It updated its security posture with Microsoft solutions like Microsoft Sentinel, Defender for Cloud Apps, Microsoft Information Protection, Microsoft Defender for Endpoint, and Azure Active Directory (Azure AD), making it easier for security teams to protect IT systems in the challenging far north.
Waking to an IT team’s worst fear
It was 8:30 AM on a weekend when Martin Joy, Director of Information and Communications Technology at the Government of Nunavut, and Nathaniel Alexander, Manager of Network Operations, spotted the unmistakable signs of trouble. “We saw everything go dark on all of our infrastructure,” recalls Joy. “For a moment, we were in shock. Then we began assessing the situation.”
The GN IT team faces unique challenges that could account for the sudden downtime. The harsh climate, coupled with what Joy refers to as “dirty power” from the diesel generators that power Nunavut’s outlying communities, inflicts frequent outages. A plethora of events could cause those infrastructure segments to fade from Joy’s screen. But this more extensive outage was worrisome. Joy and Alexander called in their entire team.
The team began to assess each community individually after quickly taking the remaining communities offline and disabling the main communications and satellite feeds. Clearly, a ransomware attack was the cause. The government turned to Microsoft’s Detection and Response Team (DART). A part of the Microsoft Cybersecurity Solutions Group, DART refers to itself as “the team we hope you never meet,” because it targets incident response. But when the Government of Nunavut saw its command screens darken, it was grateful for the support, knowing there was a long recovery journey ahead.
Calling in the modern-day cavalry
The blended DART and GN IT team faced what turned out to be an arduous six-week process. With just nine days until the next payroll—plus another 18 days until the next payment day for Nunavut residents depending on monthly income assistance—the pressure was intensified. “We needed to follow a detailed recovery process step by step while also providing the IT services that support schools, healthcare delivery, GN payroll, and smooth functioning of the Justice Department,” explains Joy.
Deploying a suite of upgraded security solutions—while also completely rebuilding IT infrastructure for Nunavut territory—called for close teamwork. Joy insisted that total honesty and focus would be key. “Anyone working on a security recovery team like ours has to be able to be completely vulnerable and open,” he says. “We had to sit in a room with 20 men and women who were security experts, and we couldn’t be afraid to expose our logic and processes to that point. We needed to accept their advice and fully communicate.”
Rebuilding a complete infrastructure in record time
The Nunavut IT team gained a grounding in Microsoft security solutions from DART, then began deployment. IT set up a future-forward security posture, one layer at a time. Having bumped up against the limitations of a siloed security system—with separate tools to monitor networks, internet access, and internet triage—the GN IT team aimed for single-pane-of-glass visibility. “None of our previous tools gave us a complete view of our estate,” says Alexander. “Without a central monitoring solution to ingest all that disparate data, it took more work and more time to understand the threat landscape.”
Working with DART, GN IT deployed Microsoft security solutions to identify and deflect threats. It installed Microsoft Sentinel, a security information and event management solution that affords overall visibility into the enterprise threat landscape. It also set up playbooks, a Microsoft Sentinel feature that reduces attack surface roles and automates threat response with a set of remediation responses tailored to specific threats. “As we set up Microsoft Sentinel, the magic it provides with playbooks and other AI-enabled threat responses became apparent,” says Joy. Alexander agrees. “Before we deployed Microsoft Sentinel, we literally didn’t know what we didn’t know,” he says. “New alerts are showing up now, and we’re turning on additional reporting that gives us visibility across multiple tools in a single pane.” The team also deployed Microsoft Defender for Cloud Apps for visibility into apps and resources in addition to compliance checking. It rolled out Microsoft Defender for Endpoint, a cloud security solution that protects endpoints not just from external threats, but from misconfigurations and other vulnerabilities.
Working with the team, Azure security consultant Arshad Sheikh helped upgrade GN’s Azure AD licenses to the P2 level. “With Azure Active Directory P2, we have increased Conditional Access functionality, which we use with Microsoft Sentinel playbooks to immediately block access from suspicious external addresses,” observes Sheikh. “That can save precious hours in repelling threats from malicious actors.”
Today, a series of interoperable Microsoft security solutions augments a tightly coordinated GN security landscape. The team quickly ingests multiple telemetry data streams from applications at scale for analysis with Azure Data Explorer. Nunavut IT automates its business-critical workflows—such as request approvals and other routine tasks—with Azure Logic Apps, an integration platform as a service (iPaaS) that creates a highly secure connection to either cloud-based or on-premises applications. It layers on Microsoft Information Protection to classify and protect documents by applying labels to content.
The recovery program was a welcome opportunity to fast-track several improvements GN IT had on its to-do list. Every device in the system would have to be rebuilt. The mammoth task of flying in technicians to deploy devices—and in some cases, hundreds of them—had delayed the project in the past. Now, however, that task had to be done. GN IT worked with DART to deploy a brand-new Windows 10 image to more than 5,000 devices. Delays caused by weather and the fact that not all communities had technicians on site meant that although the technology was rolled out and available, go live dates were staggered. But Joy can look back on his team’s accomplishment—what would have been a lengthy deployment completed on their end in less than a week—with pride. “Microsoft DART supported the actions we’d taken prior to their arrival, and helped us expedite the journey ahead,” says Joy. “We’d planned a 12-month project to decommission our old Exchange servers. That was fast-tracked to a five-day project to deploy Microsoft 365 and onboard most communities, with all of them prepared for go-live.”
Overcoming ransomware, coming back stronger
Cross-training and uptraining have always been a part of the core GN IT strategy, including when the chips were down, and the approachability of GN’s Microsoft security solutions amplifies that advantage. Joy was impressed by the usability inherent in the Microsoft security end-to-end suite. As an IT executive, Joy had been out of the trenches for a decade. “For me to be able to onboard myself into the Microsoft security solutions and fully function as a member of the team—to manage and monitor our landscape—speaks volumes about the ease of use and the productivity we get with the single pane of glass,” he says.
The recovery is an accomplishment that the team can look back on proudly. “We were fully back up and operational from all 2-million-square kilometers of Nunavut territory—25 communities, with 800 servers and 5,500 devices fully rebuilt and online within six weeks,” says Joy. “It took nine days to recreate our core critical infrastructure on a full rebuild and a full onboarding of Microsoft 365 with Microsoft DART. It was a seamless deployment. We had a team to be reckoned with.”
With the stressful time over, Joy and Alexander can be more confident about security. “Our network and systems teams are all-in about engaging and transforming,” says Joy. “With the new Microsoft security tools, we have end-to-end visibility and the data we need to make the best decisions at the right time. It’s been transformative.”