Suffolk Clerk Office's IT Dept. Revamped After Cyberattack Examination’s Release

Two employees have been moved to the department to help finish the forensic examination, County Executive Steve Bellone said.

HAUPPAUGE, NY — The once autonomous Suffolk County Clerk's information technology department is undergoing restructuring, including the transfer of new employees to continue the digital forensic examination, which found hackers gained access to the office last December.

Palo Alto's examination of the events leading up to the Sept. 8 cyberattack found that hackers first gained access to the clerk's office, which operated independently, bypassing the county's firewall, due to a Log4j vulnerability that could have been addressed in a previously uninstalled security upgrade, County Executive Steve Bellone said Wednesday.

The breach could have been thwarted had the clerk's IT department been centralized with the county's, and if its director had made key security changes and not withheld critical information, according to Bellone.

The position of the clerk's office IT director, Peter Schlussler, was later transferred to the county's main IT department, and he was placed on paid administrative leave. With that, Bellone also moved two "long-serving, highly-respected" employees from the county's main IT department to oversee IT operations at the clerk's office, he said.

Bellone accused Schlussler of obstructing the restoration process and gave that as the reason for the restructuring.

Most of the county's departments were back online with a clean bill of health on Oct. 17, but not the clerk's, which is still experiencing issues, according to Bellone.

The two employees will work with the digital forensic team "to complete the examination so that we can get the entire county network back online as quickly as possible," Bellone said.

He said the key takeaway from the examination is that there is greater risk of a security threat with a centralized IT department.

"A single IT security presence with jurisdiction across the entire county IT enterprise is the responsible and necessary approach to protect the government and its taxpayers," Bellone said, adding that "while the existing system fails county government and the taxpayer, resulting in millions of dollars and other unforeseen expenses and the potential exposure of personal information by criminal actors, who had infiltrated the county's IT infrastructure through the clerk's office."

Bellone went on to say that officials now know the situation was "complicated by virtue of some of the staff members involved, but the fact is that stove-piping and compartmentalizing IT security is a bad idea."

He said he is working with the legislature to move the county forward, noting that just last month, lawmakers approved a budget creating a new chief information security officer position dedicated to cybersecurity.

"As I've said from the very beginning, I am determined that this county will emerge from this emergency in a much stronger position," he said.

Patch has reached out to Pascale's office and Schlussler for comment.

Pascale declined to comment about the examination for Newsday.

Schlussler has denied any fault, telling Newsday that "no one is perfect with decision-making in the highly complex technological world. I included."

"I do know I did my absolute best by trying to bring awareness to the cyber issues that me and my team witnessed over the course of the year," Schlussler wrote in an email to the outlet.

"Our office attempted to purchase a more robust firewall in June to offer better protection, however, that was not allowed to be pushed forward," he said.

He further told the outlet, "retribution was to be expected and I stand by what is depicted clearly in the emails."

Suffolk government's web-based applications were breached in what officials have described as a ransomware attack on Sept. 8 and officials were forced to shut down. The intrusion caused a massive amount of disruption, with the county's various departments working off of paper, something that had not taken place since the 90s.

In the weeks that followed, a cybercriminal group known as BlackCat came forward to claim responsibility. The group asked for $2.5 million, but Bellone said he turned it down.

In late November, it was announced that the driver’s license numbers of nearly 500,000 people, who were issued violations in the county's police district, meaning the area patrolled by Suffolk police outside villages, were possibly exposed.

The area of exposure dates back to 2013.

Current and former county employee information was also compromised in the attack.
