Royal Military College weighs damage after cybersecurity attack

Open this photo in gallery:

Federal officials are assessing the damage from a cyberattack targeting the Royal Military College of Canada, the institution that trains military leaders and conducts sensitive research into warfare.

Officials are not revealing the extent and nature of the breach at the Kingston-based college, which is run by the Department of National Defence (DND) and trains officers for all branches of the military. The college’s principal, retired Brigadier-General Harry Kowal, sent all faculty a message on Saturday, saying there “has been a cybersecurity incident targeting the RMC network.”

His memo was distributed by a faculty association to members’ personal e-mail addresses because the breach led the college to take its e-mail systems offline.

The Globe and Mail verified the memo with several sources, including Canadian Military Colleges Faculty Association vice-president Sylvain Leblanc. “We don’t have any further information about what the situation is,” Mr. Leblanc said.

It is unknown what kind of data breach is being investigated at RMC and whether it could involve personal data, research or intellectual property. No government agencies replied to questions posed by The Globe and Mail. The RMC referred questions to DND, which did not reply. The Communications Security Establishment, a federal intelligence agency, also declined comment.

The memo tells faculty not to use any RMC computers, not to access any information on those systems and not to plug any devices into these machines until the Defence Department and the Canadian Armed Forces determine what has happened.

“The situation is being investigated by DND and CAF,” the memo says, adding that “questions will be addressed by the chain of command in due course.”

David Skillicorn, a computer-science professor at neighbouring Queen’s University, says this messaging is concerning. “That sounds like a really nasty cyberattack, that they don’t completely know the ramifications of, so they shut everything down.”

Dr. Skillicorn also works at RMC, but said he did not know about the memo until The Globe read it to him because he is not part of the military college’s staff.

The computer scientist said any potential data breach at the college is worrisome. “Civilian universities in Canada are not allowed to do classified research – whereas RMC does,” he said.

The military is honing its own cyber capabilities, with researchers at RMC publishing essays on hacking techniques and offering courses in cryptography, malware analysis and intrusion detection.

This expertise makes the hack all the more embarrassing for the college, Dr. Skillicorn said. “There’s a certain propaganda value for [hackers] in showing that it’s vulnerable because the RMC is effectively a defence branch of the Canadian government,” Dr. Skillicorn said.

In March, the CSE issued a broad warning to all researchers in Canada that “sophisticated threat actors” – a term that usually refers to hackers directed by nation states – would be redoubling their hacking efforts during the COVID-19 crisis.

Nova Scotians still waiting on Portapique mass shooting inquiry

Ontario deploys emergency management team to Windsor-Essex to help address COVID-19 outbreak

Few probes by civilian police-oversight agencies in Canada lead to charges against officers

Last month, Australia’s Prime Minister warned the country, a close ally of Canada, was facing increasingly sophisticated cyberattacks by nation states. In 2019, administrators with Australia’s National University disclosed that their computer logs of personal data related to staff, students and visitors had been hacked for the past 19 years.

In Canada, the federal government called out China in 2014 for hacking its research arm, the National Research Council. In the aftermath, NRC officials had to throw out tainted computers and even went back to using fax machines as the agency told thousands of its corporate partners that their secrets were at risk of being exposed.

“Canada’s National Research Council was a victim of Chinese computer network exploitation activities (CNE). Damage was in the 100s of millions of dollars,” an internal government PowerPoint later said.

The RMC’s website remains offline. The college has roughly 1,200 full-time undergraduate cadets at its campus in Kingston and also offers courses to around 2,000 officers stationed at military bases across Canada and around the world.

In the Saturday memo, the college administration says it aims to complete its investigation soon. “We hope to restore service as quickly as it can be done safely. In the meantime RMC faculty and staff should limit interactions with their systems.”

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.