Bellone hires outside counsel to respond to probe into cyberattack

Five months after the Suffolk County Legislature formed a special committee to investigate the Sept. 8 cyberattack, the Bellone administration has hired an outside law firm to help respond to information requests from the panel. 

The outside counsel is Philadelphia-based Dechert LLP.

Legis. Anthony Piccirillo (R-Holtsville) told Newsday on Tuesday that he hopes the county’s hiring of outside counsel will speed up rather than slow down the production of documents he’s requested.

The bipartisan committee, which has the authority to issue subpoenas for information, was established to explore the causes and effects of the Sept. 8 cyberattack, which shut down a large swath of county services for nearly a half year. Most systems were restored last month.

“I hope they hired outside counsel to work with us, not against us,” Piccirillo said. “Furthermore, I hope that counsel works in an expeditious fashion so we can receive the documents requested.”

The committee needs a majority of its six members to subpoena the county or any other information source for documents.

“As we have stated from the beginning, the administration is grateful for the Legislature’s partnership in recovering from the cyberattack and we fully support the independent review which will be aided by having outside counsel,” County Executive Steve Bellone said in a statement.

One document the special committee and its counsel, former U.S. Justice Dept. official Richard Donaghue, have already received is a 156-page report from the information technology director of the County Clerk’s Office, Peter Schlussler, detailing what he said were scores of red flags the county missed in potentially heading off the ransomware event. Schlussler and former Suffolk County Clerk Judy Pascale have met voluntarily with Donaghue in recent weeks. 

Schlussler, who has been suspended with pay by Bellone, has denied a county narrative that he and his team allowed vulnerabilities that led to the attack and obstructed attempts to restore operations. Newsday has reported the clerk’s office had been advocating for a hardware firewall months before the attack, but the county's IT steering committee declined the request.

Paul Sabatino, former counsel to the Suffolk County Legislature, said he could understand the need for the county executive to hire outside counsel. “It could become a backstop in the event that there are conflicts for the County Attorney’s Office," he said. 

But he expressed skepticism the county's hiring of outside counsel might slow down the process. “How much slower could it get?" Sabatino said. "It’s been five months, and I haven’t seen any public action." 

The legislative committee has a broad mandate to investigate the cyberattack. “The taxpayers deserve to know exactly how and when this cyber intrusion happened, how long they were in our networks and what personal information was compromised,” Piccirillo said in a statement in October.

Newsday has previously reported that the committee is looking into allegations that county information technology employees and officials reviewed private files and emails using unprecedented nondisclosure agreements. 

Suffolk Comptroller John Kennedy corroborated information from a county source that up to nine county employees signed NDAs to review private county employee emails starting last fall. The source also met with an investigator from the Suffolk District Attorney Ray Tierney's office about the nondisclosures. Some county employees are seeking whsitleblower status to speak to the committee and the DA, said a source who is seeking that status.

Tierney declined to comment on whether his office was investigating, but Piccirillo said, “I look forward to investigating the legalities of those nondisclosure agreements."

At the time Bellone’s office in response issued a statement noting that 12 nondisclosure agreements were signed, without saying who signed them. “Because of the county’s decentralized [information technology] infrastructure and because county IT follows a policy of least privilege to minimize access, the county needed all hands on deck to assist with restoration of county services, therefore the Incident Response Team needed enhanced access to information they previously did not have access to,” the statement said.

Sabatino said that while he worked at the county, he saw nondisclosure agreements in sensitive cases and sometimes with outside vendors, but said it was highly unusual to see them signed by county employees.

“I never saw them with the respect to a county employee doing his job,” he said.

Editor's note -- An earlier version of this story misidentified an IT steering committee.