Recent Posts
Connect with:
Tuesday / November 12.
  • No products in the cart.
HomeBusinessAuditor General shies away from questions about B.C. Legislative Assembly’s 2020 hack

Auditor General shies away from questions about B.C. Legislative Assembly’s 2020 hack

Bob Mackin 

B.C.’s Auditor General says the government’s information technology department has adequate policies regulating employees working from home, except when it comes to the use of personal devices.

Michael Pickup, B.C.’s new auditor general (Nova Scotia)

But, during a March 29 media teleconference, he declined to comment on the state of cybersecurity and telework at the Legislative Assembly. 

In his new report, Michael Pickup said even though the Office of the Chief Information Officer (OCIO) prohibits use of personal devices for telework, the OCIO has not established technical controls to ban their use. 

“With no controls to enforce this policy, there is a risk of government data being stored in an unencrypted format on teleworkers’ personal devices,” the report said. 

Pickup became Auditor General in July 2020, four months after the government shifted to telework due to the coronavirus pandemic. 

In November 2020, after the NDP won a snap election, the Legislative Assembly suffered a cyberattack that remains shrouded in secrecy. The information technology department at the seat of government received emergency help from the OCIO, a division of the Ministry of Citizens’ Services.

“What we set out to do was look at whether the OCIO overall has established these processes and practices, and, of course, with the exception of the one area with a recommendation, found that they did these things,” Pickup said during a media teleconference. “So, otherwise, I would have nothing to comment in relation to that specific question.”

The Legislature’s website was taken down Nov. 10, 2020 and replaced with an image that claimed it was subject to “unscheduled maintenance.” The Clerk’s office finally admitted on Nov. 19, 2020 that it had been hacked, but downplayed the severity and said no data had been lost.

The all-party Legislative Assembly Management Committee (LAMC) and clerk’s office have not released the report into what went wrong. Neither has the NDP government fulfilled house leader Mike Farnworth’s February 2019 promise to add the Legislature to the freedom of information law. Farnworth made that promise after the Information and Privacy Commissioner, Merit Commissioner and Ombudsperson publicly demanded new transparency and accountability measures in the wake of the damning report by then-Speaker Darryl Plecas about spending misconduct by disgraced Clerk Craig James and Sergeant-at-Arms Gary Lenz.

What the B.C. Legislature website looked like on Nov. 13 (Leg.BC.ca)

The public portions of most LAMC meetings have skirted the issue. Then-BC Liberal house leader Peter Milobar expressed frustration at the July 8, 2021 meeting over increasing IT costs and continuing network outages at constituency offices stemming from the incident. 

“Our own ability to service our constituents has been eight months of complete frustration that seems to not be getting any better — if anything, getting worse,” Milobar said. 

At the Dec. 16, 2021 meeting, Clerk Kate Ryan-Lloyd admitted that there had been an “underinvestment” in the IT infrastructure for years and that constituency office network replacement projects, to manage power or network outages, continued. She also said work was underway for a disaster recovery plan for financial systems.

“The network challenges experienced over the past year are well-known to members, as well as some of the other challenges that we have with Wi-Fi connectivity, for example, on the precinct grounds,” Ryan-Lloyd said.

The NDP government allotted $92 million for the Legislative Assembly’s 2022-2023 operating budget. The $5.8 million for IT is the biggest line item in Legislative Operations. According to the December budget update, it forecast spending $7.9 million on IT, a whopping $2.3 million more than budgeted for 2021-2022. 

Andrew Spence, the assembly’s chief information officer, said: “With all the challenges over the past year, we recognize the need to strengthen business continuity considerations and ensure business interruptions are minimized.“

B.C. Supreme Court Associate Chief Justice Heather Holmes is expected to announce her verdict May 5 in the fraud and breach of trust case against James. 

Support theBreaker.news for as low as $2 a month on Patreon. Find out how. Click here.