Michael Balboni, president of RedLand Strategies, speaks during a news conference in Hauppauge on Feb. 25, 2019. Credit: Jessica Rotkiewicz

As Suffolk County moves to hire a top-ranking official to head up cybersecurity operations across its sprawling networks, it has turned again to a consultant it previously contracted with for cybersecurity preparation and ransomware response.

Michael Balboni and his RedLand Strategies were recently hired by Suffolk to help the county in its search for the newly created position of chief information security officer, Suffolk County Executive Steve Bellone told Newsday.

Suffolk in October had announced it had completed a previously arranged three-month contract with RedLand that concluded in November, days after Newsday reported Balboni had been registered to lobby state government for several cybersecurity vendors under contract to Suffolk, including its primary firewall supplier, Palo Alto Networks.

Balboni on Tuesday said his consulting work for the county was unrelated to his state lobbying initiatives, and emphasized that RedLand’s contract with Suffolk “had always been for the duration of the incident response to the breach. The services ended after three months” per the contract, and “not for any other reason.”

WHAT TO KNOW

  • Michael Balboni and his RedLand Strategies were recently hired by Suffolk County to help its search for the newly created position of chief information security officer.
  • Balboni has been a registered lobbyist for several cybersecurity vendors under contract to Suffolk, including its primary firewall supplier.
  • Balboni says his consulting work for the county is unrelated to his state lobbying initiatives.

Balboni added, “I was hired solely for the purpose of helping with incident management” of the Suffolk cyberattack. “At no time did I recommend the hiring of any company, much less the companies I represent.” He pointed out he’s not registered to lobby in Suffolk “nor will I be for the purposes of this engagement going forward.” He added, “There was no conflict.”

Bellone said Balboni’s recent work has not involved hiring new vendors.

“I’ve been involved in those meetings. Nobody’s hiring anybody because Mike Balboni is saying hire them. I’ve never heard him say, ‘You should hire this person,’ ” Bellone said.

‘Cybersecurity expert’

Bellone said Balboni “is a cybersecurity expert. He’s in the field of cybersecurity. He’s going to have contacts and relationships with people in cybersecurity that we may be calling on because they happen to be in the field.”

Balboni said his most recent work for Suffolk could extend through year’s end.

“We’ve had some really good candidates come forward,” he said, adding that the search for a chief information security officer could be concluded in a matter of weeks.

Suffolk also will embark on a program Balboni said would be “the first of its kind in the state” to provide “informational awareness of breaches, cybersecurity best practices and testing of those procedures through tabletop exercises.” Balboni will be advising Suffolk on those matters.

Balboni first received a contract to work for Suffolk in 2019, when he was awarded a $55,000 contract that made Suffolk the first in the state to undergo a cybersecurity checkup. As part of that contract, Balboni worked with Palo Alto to evaluate Suffolk’s cybersecurity risks. A year later, Palo Alto was awarded a contract for a countywide firewall and other security products and services, displacing prior firewall company, Cisco Systems.

Newsday in October reported Balboni had registered with the state as a lobbyist for Palo Alto, as well as for other security vendors awarded by Suffolk, including Okta two-factor authentication and Tenable, another security firm.

Newsday has reported some good-government and cybersecurity firms raised questions about Palo Alto’s dual roles as both firewall and cybersecurity contractor and, through its Unit 42 division, also the primary forensic investigator of the ransomware attack. Some said the relationship could raise concerns about potential conflicts of interest, an issue Suffolk denied.

Closer to normal

Last week, Bellone announced Suffolk had restored the main county website to service, along with more than a dozen affiliated online services — and more would come this week and in the future. He also discussed what his team found to be the origins of the attack in the Suffolk County Clerk’s office, while taking some blame himself for not acting on prior recommendations.

Asked on Friday why Palo Alto’s perimeter firewall and other products had apparently failed to stop a cyberattack his administration has acknowledged had begun nine months before Sept. 8, Bellone said, “I’m not the expert on this, that will be detailed out in the [final] forensic examination,” which is being conducted by Unit 42.

After the news briefing, deputy county executive Vanessa Baird-Streeter said the Suffolk Clerk’s office had years ago requested a “carve out” in the firewall rules that prevented Palo Alto from blocking malicious traffic from the clerk’s domain. But Peter Schlussler, the clerk’s information technology director whom Bellone recently suspended, called that contention “an abject lie. All traffic leaving the parent [Suffolk] domain should have been protected by Palo Alto.”

Palo Alto has declined to comment, referring questions to Suffolk. Balboni emphasized, “The Palo Alto firewall didn’t fail.”

Among the recommendations in a 2019 report to the Suffolk County Legislature, a report that includes input from RedLand Strategies, was the determination that a chief cybersecurity officer was needed to help shore up protection for the county’s disparate and sprawling systems.

But the county has said it did not do so in the intervening years primarily because of COVID-19 distractions. The new job title was included in the approved 2023 budget, along with funding for additional cybersecurity staff and services.

Bellone, referencing the 2019 report, said he should have acted sooner to approve the cybersecurity chief position. Suffolk in those intervening years has operated with a “coordinator” who retired in 2021 and operated in the job as an outside contractor. He moved to Florida last year but remains a paid contractor.

“It’s a fair criticism to say that I should have more quickly implemented the recommendations in the 2019 cybersecurity assessment, which I commissioned, to hire an additional executive level leader focused on cybersecurity,” Bellone said. “Given what I know now, I would have pushed hard to get that executive level position created despite the pandemic.”
