Suffolk's main website back online, more than 5 months after cyberattack

Suffolk County government's main website was returned to service on Friday, along with more than a dozen affiliated online services, as County Executive Steve Bellone accepted some responsibility for decisions prior to the crippling Sept. 8 attack.

The main site and numerous county online services had been offline for nearly six months, after hackers demanded a $2.5 million ransomware the county refused to pay. Not all services have been restored, officials noted, but more will come online next week, said Bellone, who continued to put most of the blame for the attack on the Suffolk County Clerk's computer director and systems.

Peter Schlussler, the IT director for the clerk's office, whom Bellone put on paid leave in December, in a statement to Newsday Friday, noted that he'd recently met voluntarily with Richard Donaghue, the former U.S. Justice Department official who is probing the ransomware event for the Suffolk County Legislature.

“As I highly respect [Donaghue's] record of impartiality and professionalism, I will let the critical facts I presented to him be judged by him," Schlussler said. But he added," If action had been taken by the Suffolk County Department of Information Technology, the cyberattack would have been prevented." 

At his third major news briefing since the attack, Bellone said the return of the county's main website, along with 15 other subsites, including Suffolk Transit and the Suffolk Land Bank, came after intensive work conducted after his team took over the clerk's computer network in December under emergency authority. 

Standing beside newly elected County Clerk Vincent Puleo, Bellone also announced that many clerk services that had been offline had been deemed safe and restored and that the county would work toward a more centralized computer network to make sure cyber breaches such as the one that hobbled the county don’t happen again.

“Suffolk County is back online,” Bellone said.

Puleo added, "Going forward we will do everything we can to cooperate and get things where they belong and keep the protection so that the whole county is protected from future attacks.”

Bellone added it was a "fair criticism to say that I should have more quickly implemented the recommendations in the 2019 cybersecurity assessment, which I commissioned, to hire an additional executive level leader focused on cybersecurity."

Instead, the county for years relied primarily on a cybersecurity “coordinator” who eventually retired and became a contractor with similar duties. He recently moved to Florida. 

Bellone said the county is conducting a search for a chief information security office, with outside security consultant Michael Balboni helping in the effort. 

By Mark Harrington

mark.harrington@newsday.comMHarringtonNews

Mark Harrington, a Newsday reporter since 1999, covers energy, wineries, Indian affairs and fisheries.