It’s been nearly two months since Suffolk County's computer system was cyberattacked. Chief Deputy County Executive Lisa Black answered legislators' questions about how to address such attacks during a budget hearing. NewsdayTV's Cecilia Dowd reports.  Credit: Anthony Florio; Barry Sloan

Suffolk will end its contract with a company that is helping to manage the county's response to a ransomware attack, but also served as a lobbyist for the computer security company brought in to analyze and fortify Suffolk's networks more than three years ago.

Newsday reported Sunday that computer security experts and a government watchdog group said the consulting firm, RedLand Strategies, and founder Michael Balboni's roles as state lobbyist for the company — and consultant to Suffolk County — could present potential conflicts of interest in the cleanup of the Sept. 8 cyberattack.

Separately, computer experts raised concerns that Palo Alto Networks, the company that provided the front-line firewall of Suffolk's defense against cyberattacks, is acting as the primary forensic auditor to analyze what happened when the county's system was breached.

RedLand and Palo Alto recently were awarded new contracts to manage the county's response to the attack, determine how the breach occurred and to help fix it.

RedLand will receive $44,000 for its work between September and November under its contract, county officials said.

Chief Deputy County Executive Lisa Black told legislators during a hearing Monday the county would discontinue the month-to-month contract with RedLand at the end of November.

“They were brought on for incident response to help manage communications and emergency management,” Black told a legislative committee during budget hearings for Suffolk's information technology department.

“RedLand came in and provided expertise as a consultant; they are in no way leading the operation,” Black said.

Balboni said the contract was only meant to be temporary.

“It was an engagement related only to the emergency caused by the attack,” Balboni told Newsday.

Black said Suffolk's contract with Palo Alto to probe the cyberattack would continue.

Legislative Presiding Officer Kevin McCaffrey (R-Lindenhurst) said he had no issue with that.

“I don't think there's any conflict of interest,” McCaffrey told Newsday after the hearing. “They are one of the best in the business. I don't really care how they got here. I'm happy that they're here.”

Neither RedLand, Balboni nor Palo Alto have been accused of any wrongdoing.

The disclosure about the end of RedLand's contract came during a hearing Monday into the county information technology department's proposed 2023 budget.

The department is at the center of a county effort to recover from a malware attack that still is hampering operations.

Suffolk took down its websites and web-based applications following discovery of a cyberattack on county systems.

A group has taken credit for the attack in a posting on the dark web and has said it is seeking a “small reward” for revealing vulnerabilities in the county’s systems.

Partially in response to the cyberattack, Suffolk County Executive Steve Bellone proposed in his 2023 budget to raise IT spending from about $25 million to $32.5 million and add 19 positions to the department.

IT commissioner Scott Mastellon testified last week when the government operations, personnel, information technology and diversity committee opened hearings on the IT department budget.

But lawmakers expressed displeasure when Mastellon could not provide specifics on the cost of hardening county technology infrastructure, and told him to return Monday to provide specific details.

“Nineteen positions is a big-ticket item,” Legis. James Mazzarella (R-Moriches) said Monday. “What we're looking for, and we didn't get, is some sort of a narrative of what the plan is.”

Black appeared in Mastellon's place Monday, explaining he could not attend because the county had received a request from Microsoft to change all its passwords.

Black said the county so far has spent $2 million on its forensic investigation of the cyberattack, and $2.8 million on recovery costs.

Black said all county employees should have access to their email by the end of this week.

The proposed new funding also will allow Suffolk to hire a Chief Information Security Officer in 2023, Black said.

The Civil Service position would pay between $140,000 and $197,000, she said.

The county also would use the increased funding to institute multi-factor authentication to sign into accounts, Black said.

Black said both the hiring of a chief information officer and multi-factor authentication are required for the county to obtain cyber insurance, which it lacks.

Total cybersecurity spending, currently 13% of the IT department’s budget, would increase to 20% of spending under Bellone's proposed budget, in line with best practices, Black said.

County officials have said little about how the cyberattack occurred or how wide-ranging the breach was, citing a law enforcement investigation.

The group that took credit for the cyberattack has said it accessed 4 terabytes of county data.

According to county officials, only one individual has been officially notified that their information has been breached under state guidelines after an image of their driver’s license was posted on the dark web.

The county could learn more people had their information breached as the investigation continues, Black said Monday.

“When you have a storm, you can see that the trees fell,” Black said. “This is not tangible, so everybody can't see it.”
