The Nassau County Legislature on Monday approved a contract for cybersecurity services, three months after a ransomware attack crippled Suffolk County government, but county officials declined to identify the vendor's name or the cost of the service at the request of County Executive Bruce Blakeman.
The Legislature's Rules Committee unanimously approved the contract after members of the Blakeman administration briefed legislators earlier in the day. Lawmakers know the cost of the contract and the identity of the vendor, Nassau Presiding Officer Richard Nicolello (R-New Hyde Park) said before the vote took place.
Legislators ultimately agreed with Blakeman's extraordinary request, citing fears of another possible cybersecurity attack and the extent to which Suffolk County suffered after experiencing a malware attack on Sept. 8.
Newsday submitted a Freedom of Information Law request for the contract, including details about the vendor's name and cost.
Brian Libert, Bureau Chief with the County Attorney's Legal Counsel Bureau, told legislators the pact "is a contract that supports Nassau County's ongoing efforts in bolstering cybersecurity protocols."
Libert said he believed the contract was exempt from public disclosure laws, including from state Freedom of Information Law requests. He had asked the county to hear the contract terms in executive session, citing a portion of the state public officers law, which he said permits exemption of matters that would "imperil the public safety if disclosed."
Nicolello told Libert the contract presented an "unusual circumstance, and the Legislature does not ever agree to these types of scenarios, prior to this. But given the sensitivity of the issue and what we're seeing unfolding in Suffolk County, I believe this is an extraordinary circumstance that would justify treating this in the way you suggested."
Nassau's seven-member Rules Committee, with four Republicans and three Democrats, approves county contracts totaling $1,000 or more. The full 19-member legislature does not need to approve them.
Contract packets in the legislature are routinely published on the county's website. They are generally dozens of pages long and include the vendor's name and cost of the work.
After a series of contracting scandals in Nassau County, the Legislature in 2016 required contractors to reveal their campaign contributions. Such lists are also included in the public contract packets.
The county submitted only a one-page cybersecurity contract and referred to the company only as "Vendor." The legislature gave Blakeman authority to approve, "any and all other nonfinancial instruments" to carry out the agreement.
Nassau Legis. Kevan Abrahams (D-Freeport) said, "Obviously, this is a very sensitive matter, and we don't want to talk about it too much. We're trying to give the public as much information as we can and at the same time, protect them."
Boyle, a county spokesman, told Newsday on Monday: "This contract pertains to the cybersecurity of the county, and has been vetted by a committee composed of representatives from the office of the inspector general, county attorney, district attorney and police department to ensure its effectiveness and integrity. No further information will be given out due to obvious security concerns."