The October 2020 cybersecurity incident at Saskatchewan Polytechnic is still affecting the institution. While most of the school’s problems have been addressed, challenges remain for the school.
Cheryl Schmitz, chief financial officer and vice president administrative services, spoke Thursday to go through what has happened since.
“We cannot speculate about the intent of the cyber security incident, in fact we may never know,” she said.
“The investigation done by our external experts has found no evidence that any personal information was taken. The law enforcement file remains open and we will cooperate in any way requested. In the meantime we remain focused on completing the phased and secure restoration of service,” Schmitz added.
The incident began when malware was launched from a malicious email attachment.
Schmitz said that no ransom was paid for the malware.
“We never had any contact with the individual or individuals responsible for the cyber security incident but we are not prepared to comment further on the technical aspects of this incident.”
Restoration work is still underway and a final cost of the incident has yet to be determined. Schmitz added that there was no specific date when that information will be shared.
External experts found no evidence that any personal information was taken.
“We worked with leading experts who have significant experience in recovering from cyber security incidents. This work is confidential so we won’t be commenting any further on that part of the investigation,” Schmitz said.
Schmitz said the cautious and phased approach to securely restoring systems was successful. The majority of online services and systems are now available to students and employees
“Services may not be offered in the same way they were prior to the incident as our website, online learning environment and email servers were all impacted. Updates for students have regularly been shared on social media and campusupdate.ca,” she said.
Campusupdate.ca was used by Saskatchewan Polytechnic after the incident to keep communications open as the saskpolytech.ca website was down.
She said that approximately 100 email updates have been shared with employees and students since October.
“Our faculty found innovative ways to ensure our students could continue their studies and we had employees at the institutions working around the clock, seven days a week to help restore services and support students through this situation and we do not take this support lightly,” Schmitz added.
She thanked the students and employees for their handling of the situation and the understanding and patience they have shown during a tough academic year complicated further by the COVID-19 pandemic.
Work, she said, has been done around the clock to restore services.
“Saskatchewan Polytechnic has made excellent progress securely resuming services using a very cautious and phased in approach. Our top priority has always been our students and their learning experience. Online learning platforms were prioritized and restored as quickly as possible. Saskatchewan Polytechnic has taken this cyber security incident very seriously.”
During the early days of the incident communication was a problem, as emails could not be responded to in a timely manner.
“Saskatchewan Polytechnic’s response has been a team effort with support from external cyber security experts and vendors, which support various systems and online services. We want to thank you for your help and expertise,” Schmitz said.
The restoration process was challenging because of the complex and large nature of the school.
“Good progress has been made every day. Saskatchewan Polytechnic has always been and will continue to be committed to the education of our students. We are also committed to offering an education in a secure and safe manner,” she said.
There was no anti-virus software installed on personal computers of students, but enhanced authentication methods are in place for all users. No personal computers owned by faculty and staff were impacted by malware. There has been no assessment of personal computers of students, but there is nothing to suggest that any personally-owned student computers would have been impacted by any malware related to the cybersecurity incident.
The PowerPoint outlined an entire history of the incident and steps taken until today.
After the Oct. 30 attack, emails were sent to all employees and students asking them to not use computers or laptops. The system was then shut down as per the institution’s IT protocol. They then engaged the external cybersecurity experts. A media statement and social media were used to inform students of the incident and class cancellation. A dedicated website was launched.
The institution focused on immediate issues and communications from Oct. 31 to Nov. 5.
They introduced alternate communications methods such as campusudpate.ca and a phone and text tree, informed law enforcement, restored Zoom and MS Office and installed antivirus software.
From Nov. 5 to Nov. 24, they focused on the return to learning. This included a return to online classes, staggered return of in-person classes and faculty access to learning technology platforms. The saskpolytech.ca website and student portal was then restored with limited functionality and employee SharePoint sites were also restored. They also implemented multi-factor authentication, reinstated public on-campus Wi-Fi and restored toll free support services phone line.
Beginning Nov. 24 until today, remediation of the incident has been the focus. This includes online applications for full-time programs and phone applications for Continuing Education programs, tuition payments and refunds, acceptance letters, grades, class schedules and high school transcripts.
There was also mandatory password changes and additional phishing email awareness training. Full functionality has currently been restored to the bookstore, student awards and saskpolytech.ca
Steps taken to increases online security by Saskatchewan Polytechnic include new antivirus software for computers and laptops, multi-factor authentication for online services, mandatory password changes and additional information on spotting phishing emails.