Lax Security Opened Door for Suffolk Cyber Attack



Special Counsel Richard Donoghue reports on his investigation into the cyberattack that crippled Suffolk's computer network as members of the county legislative committee formed to get to the bottom of the breach look on, from left, Chairman Anthony Piccirillo, Kevin McCaffrey, the legislature's presiding officer, and Legislator Jason Richberg. Donoghue said Suffolk Executive Steve Bellone ignored the legislature's request for a cybersecurity "Health Check" prior to the September attack and a report on the county's cyber posture, security training and prevention methods.

The investigator hired by the special committee named to get to the bottom of the cyber attack that led to a months-long shutdown of Suffolk’s computer system said county Executive Steve Bellone ignored the legislature’s request for a cybersecurity “Health Check” prior to the breach and failed to report on the county’s cyber posture, security training and prevention methods.

Former U.S. Attorney Richard Donoghue also said at Monday’s meeting of the committee that the county did not qualify for cyber insurance for a number of reasons, including its failure to have a “Cyber Breach Recovery Plan” in place. The county could have recovered from the attack faster if it had a response plan “off the shelf, rather than scrambling” after the county’s system was hit. “It’s certainly best practices to have a plan in place,” Donoghue said. A remediation plan would have identified procedures for bringing departments back online, the special investigator noted.

While the special committee was meeting, Bellone announced the appointment of a Chief Information Security Officer, a move that has been pushed by the legislature.

Informed of a $2.5 million ransomware demand in September, County Executive Steve Bellone shut down Suffolk’s vast computer network rather than acquiesce to the attackers. The move paralyzed government services and impacted every department from the county police to child protective services. The loss of county data handcuffed local governments, with Brookhaven reporting that its Zombie home removal efforts were stopped dead in their tracks. The hack, traced to a strain of ransomware known as BlackCat, came in through an inadequate firewall in a security system found to be woefully deficient.

As the extent of the hack was exposed, county officials reported that the records of about 500,000 Suffolk residents were compromised, along with the personal information of about 26,000 current and former employees. The county was unable to pay its bills in a timely fashion, while the expense of providing free credit monitoring to those affected is driving up the cost of the attack. Suffolk has about 10,000 computer systems and about 140 of them were considered “compromised,” the Bellone administration reported.

In a rare move, the special legislative committee was vested with subpoena powers to compel witnesses to testify—only the second time in county history such authority has been granted, officials said.

Donoghue said his investigators have interviewed nine witnesses so far and have compiled 20,000 documents, mostly emails, pertaining to cyber security and the attack. The committee has yet to use its subpoena power and the special counsel said requests for information from Bellone have not yet been completed, but they’re “close.”

“We will get to the who, the why, and the how of this attack so we can prevent it from happening again,” said Legislator Anthony Piccirillo, chairman of the committee. “We’re going through thousands of documents with the special counsel handling the witness statements and the interviews,” he said, noting that the effort has a few more months to go. “We’ve had what I would say is a cordial relationship with the county executive’s office regarding our investigation, but if we can’t get things that we expect in a timely manner, we will use the power that has been granted to us,” Piccirillo stressed. “We want to reiterate that we are not targeting anyone. This is not a witch hunt, this is not political, this is a fact-finding mission to make sure that the people can get the answers that they deserve.”

Speculation as to the entry point of the hack initially focused on the county clerk’s office, where an illegal Bitcoin mining operation was allegedly conducted by IT employee Christopher Naples. It was then learned that the encryption that locked the county files came in through the traffic violations bureau on September 8 at 6:08 a.m. The county clerk and the comptroller disconnected from the network five hours later. At four p.m. Bellone shut down the rest of the system, officials said. The hackers demanded the $2.5 million ransom in return for lifting the encryption.

Bellone took to the podium on various occasions to explain what he thinks went wrong and to accept, at least partially, the blame. He suggested that Naples, an architect of the clerk’s computer infrastructure, delayed a security upgrade that could have forestalled the attack. But William Keahon, the attorney representing Naples, disputed that claim, reportedly saying: “He’ll do anything to shift the blame.” Bellone acknowledged the county’s failure to hire a Chief Information Security Officer to oversee Suffolk’s cybersecurity and its failure to centralize all of the county’s networks into a single secure place as deficiencies that left the county vulnerable. Bellone’s office did not respond to requests for additional comment.

The members of the Suffolk Legislature's special committee investigating the September cyberattack with investigator Richard Donoghue, back row from left, James Mazzarella, Anthony Piccirillo, Sarah Anker, Jason Richberg, and Robert Trotta. Seated are Donoghue and Presiding Officer Kevin McCaffrey.

Judith Pascale, who was clerk at the time of the cyberattack, said it was the hesitation of the county executive’s office and the legislature to approve her requests to beef up security that exposed the county. “I’ve met with the special investigator and provided hundreds of documents and emails pertaining to our efforts to protect the system,” Pascale said. “I’m confident that once the investigation is complete, the details of all the events that occurred will come to light. Everyone deserves to know what happened.”

Naples, of Mattituck, who earned $149,721 last year, remains suspended with pay a year and a half after his arrest. A forensic auditor estimated that he allegedly stole more than $6,400 in electricity to run a bank of computers to support the Bitcoin operation.

“The damage is incalculable,” said Brookhaven Supervisor Edward Romaine, who previously served as county clerk, in ticking off problems caused by the county system going down. “It was a huge blow to police effectiveness since officers couldn’t get information from their computers. There were no health department permits and it became more difficult to buy or sell a home without access to important records. The town’s program to remove Zombie homes was stalled because we couldn’t obtain information from the county,” he said. “And how about child protective services? How can they deal with child abuse situations when they don’t have computer access?”

Romaine, a candidate for county executive, pointed out that Brookhaven conducts its operations in the “Cloud” where he said security is higher than with an in-house system. The town also undergoes periodic “penetration tests” to ensure the integrity of its system, he noted.

In announcing the special committee to investigate the attack, the legislature’s presiding officer, Kevin McCaffrey, said, “We worked closely with other levels of our government during this crisis to restore order and services to the 1.5 million residents of this county. But now it is time for answers. How did this happen, when was it known, and what is being done to ensure it doesn’t happen again?” he asked. “We still do not even know the true depth of this ransomware attack, which has already cost residents millions of dollars,” McCaffrey said. “I’m certain that as we conduct these investigative hearings we will learn how damaging this cyberattack is and the plans to assure the residents of this county that their personal information is secure and the services their tax dollars pay for are always available, not being held hostage by criminals.”

Donoghue will be paid $850 per hour for his investigative services, while associates with his firm would be paid $690 per hour. Attorneys working on discovery would be paid $300 per hour, county officials reported.

Robert Chartuk