Bellone says Suffolk County is undertaking a 'cyber checkup'

Suffolk has hired a New York City consulting firm for a “cyber-checkup” to determine vulnerabilities in the county’s information technology network and make recommendations on how to protect the system from attacks, officials said Monday.

“This is a very serious matter,” said Suffolk County Executive Steve Bellone at a news conference in Hauppauge. “Cybersecurity, cyberattacks, these threats, these vulnerabilities are real, and this is not a theoretical issue, this is not an academic exercise we are engaged in here. We have seen these attacks in real time, in municipalities across this country, we’ve seen it around the globe.”

Bellone said Suffolk will be the first municipality in New York state to conduct a security exercise to evaluate network weaknesses and develop responses to cyberattacks.

The county will pay RedLand Strategies $55,000 to conduct the five-month assessment, which will focus on Suffolk police, fire and rescue services and the county’s Department of Information Technology, Bellone said.  The firm is led by Michael A. L. Balboni, a former New York state senator and deputy secretary for public safety. Palo Alto Networks, a Santa Clara, California, cybersecurity firm, will assist in the review.

“Municipalities operate many crucial cyber control systems that are vital to the function of government, affecting everything from the water we drink to traffic signals to power plants and more,” Bellone said. “This thorough security assessment of our current network will serve as a ‘cyber checkup,’ helping us understand our current abilities and identifying areas that could use improvement.”

Suffolk has not suffered any significant breaches in its information network,  said Department of Information Technology Commissioner Scott Mastellon, but there have been countless attempts in recent years. Many, he said, may be from people trying to gain access to information without proper passwords or clearance, but others could be hostile hackers attempting to disrupt government functions.

“There is attempts on an everyday basis as it relates to compromising the network here at the county,” Mastellon said. “We have a number of different components, technology, appliances, people, personnel, policies and procedures that are in place to try to thwart that. I will tell you we have on a regular basis thwarted those types of attacks.”

Mastellon said he is unaware of anybody who faced criminal charges for attempting to breach the county network.

Nassau County spokesman Chris Geed said he was "not aware of the county doing anything similar at this time." 

Other municipalities across the country have suffered from serious cyberattacks. Hackers activated 196 emergency sirens in Dallas in April 2017 and a ransomware attack deleted 30 million files from the Sacramento regional transit system. Baltimore’s 911 system was disrupted for about 17 hours in March 2018 by hackers.

Two Iranian citizens who allegedly hacked Atlanta’s information network, crippling city online services for more than a week, were indicted by a Georgia federal grand jury in December for violating the Computer Fraud and Abuse Act and threatening public health and safety.