Auditor General shuns questions on 2020 BC Legislative Assembly hack

Bob Mackin

BC’s auditor general says the government’s information technology department has adequate guidelines governing employees working from home, except when it comes to using personal devices.

Michael Pickup, New Auditor General of BC (Nova Scotia)

However, during a media conference on March 29, he declined to comment on the state of cybersecurity and telecommuting in the Legislative Assembly.

In his new report, Michael Pickup said that although the Office of the Chief Information Officer (OCIO) prohibits the use of personal devices for teleworking, the OCIO has not put in place technical controls to prohibit their use.

“Without controls to enforce this policy, there is a risk that government data will be stored in an unencrypted format on teleworkers’ personal devices,” the report said.

Pickup became auditor general in July 2020, four months after the government switched to teleworking due to the coronavirus pandemic.

In November 2020, after the NDP won early elections, the Legislative Assembly suffered a cyber attack that is still being kept secret. The Department of Information Technology at the seat of government received emergency aid from the OCIO, a division of the Department of Citizen Services.

“We wanted to look at whether, overall, OCIO has put these processes and practices in place, and of course, with the exception of the one area with a recommendation, found that they have done these things,” Pickup said on a press conference call. “Otherwise, then, I wouldn’t have anything to say on that particular question.”

The Legislature’s website was taken down on November 10, 2020 and replaced with an image claiming it had undergone “unscheduled maintenance”. The Clerk’s office finally admitted on November 19, 2020 that it had been hacked, but downplayed the severity and said no data was lost.

The All-Party Legislative Assembly Management Committee (LAMC) and Secretariat have not released the report of what went wrong. The NDP government has also failed to fulfill House leader Mike Farnworth’s promise in February 2019 to add legislation to the Freedom of Information Act. Farnworth made that pledge after the Information and Privacy Commissioner, Merit Commissioner and Ombudsperson publicly offered new transparency in the wake of then-Speaker Darryl Plecas’ scathing report on the wrongdoing of disgraced Clerk Craig James and Sergeant-at-Arms Gary and accountability had demanded Lenz.

This is what the BC Legislature website looked like on November 13 (

The public portions of most LAMC meetings have sidestepped the issue. At the July 8, 2021 meeting, then-Leader of the BC Liberal House Peter Milobar expressed frustration at rising IT costs and ongoing network outages at constituency offices resulting from the incident.

“Our own ability to serve our constituents was eight months of utter frustration that didn’t seem to be getting better — if it was getting worse,” Milobar said.

At the December 16, 2021 meeting, case officer Kate Ryan-Lloyd admitted that there had been “underinvestment in IT infrastructure” for years and that projects to replace constituency office networks to cope with power or network outages continued . She also said work is underway on a financial systems disaster recovery plan.

“The network challenges of the past year are well known to members, as are some of the other challenges we have with Wi-Fi connectivity, for example at the precinct,” said Ryan-Lloyd.

The NDP government allocated US$92 million for the Legislative Assembly’s operating budget for 2022-2023. The $5.8 million for IT is the largest single item in Legislative Operations. The December budget update forecast spending of $7.9 million on IT, a whopping $2.3 million more than projected for 2021-2022.

Andrew Spence, Assembly Chief Information Officer, said: “With all the challenges over the past year, we recognize the need to reinforce business continuity considerations and ensure business disruption is minimized.”

Deputy Chief Justice of the BC Supreme Court Heather Holmes is expected to deliver her verdict on May 5 in the fraud and breach of trust case against James.

support theinterrupter.Messages for just $2 a month on Patreon. Find out how. Click here.

Comments are closed.