Suffolk County and a union representing thousands of county employees are negotiating proposals to “enhance our ability to fix future” ransomware attacks, the union says, after it previously urged members not to use their personal devices or email to link to the compromised county computer system.
The moves follow a crippling Sept. 8 attack on the county computer system and sub-domains across county government that disabled a wide swath of services, from title searches to ticket writing by police. The county has been gradually restoring limited services with new, more secure systems, though critical functions such as email remain impacted.
That’s left some county employees without access to large electronic files, contacts and work product in various systems, including years of archived emails.
Suffolk County spokeswoman Marykate Guilfoyle said the county has instituted contingency plans from the outset of the attack to "ensure continuity of operations and that employees were able to maintain the critical services they provide to county residents. Once county-issued devices have been deemed safe and secure, employees have been able to resume use."
As of Tuesday, Guilfoyle said, "Any system turned on and operational is isolated and has met the network security health parameters."
On Sept. 16, the Suffolk Association of Municipal Employees, which represents some 6,000 county workers, sent a note to its members urging them to refrain from using their personal cellphones, email and other devices for county work.
Members were urged to report “any request you receive asking you to use your personal devices or emails to your unit president,” adding, “The temptation to get things done does not diminish the exposure to liability that can be incurred. The potential risk far outweighs any reward.”
However, that left some workers who don’t have email without the ability to communicate and could hobble the county’s ability to launch a new, higher-security system that allows for texts to be sent to cellphones to authenticate a person’s identity, according to a person familiar with the county response to the cyberattack.
But in a statement Tuesday in response to Newsday questions, Michael Skelly, a spokesman for the union, said the new measures being negotiated with Suffolk are “focused on enhancing our ability to fix future attacks while also safeguarding our members’ personal information.”
He declined to elaborate.
In a separate statement sent to Newsday Tuesday, union president Daniel Levler insisted the union has “proactively engaged with the administration with meaningful solutions to help mitigate this cybersecurity breach.”
Levler wrote that union members have “worked tirelessly to help the county fix the problem,” while the union has negotiated agreements to “expedite overtime for workers working around the clock to secure our [information technology] system."
He also noted the union is “working to provide cyber insurance for all of our members.”
Part of the ongoing negotiations involved “multi-factor authentication and other policies to protect our workers while they remain focused on serving Suffolk County residents,” Levler said.
Asked if that included using their personal cellphones, home computers or emails, Skelly only would say the work would “safeguard our members’ personal information.”
Meanwhile, Suffolk is continuing a "rolling restoration of services, and anticipates restoring fingerprinting applications, along with a number of email and file sharing applications for a limited number of departments." In addition, Guilfoyle said, the budget "will be submitted to the Legislature on October 14th."