Suffolk cyberattack panel mulls next step after 2 subpoenaed employees fail to show
Two Suffolk employees subpoenaed to testify at the county's Cyber Attack Investigation Committee meeting Tuesday were no-shows, prompting the panel to consider seeking a judge's order for their public testimony.
The employees, Jack Bloom and Vincent Cordiale, work in the county's IT department and were served subpoenas last week, according to the panel’s special counsel, Richard Donoghue. A third employee, Jason Bruno, who works for the county clerk’s IT department, spoke voluntarily at the meeting.
The six-member legislative committee has been working since May to probe the origins of the hack, discovered Sept. 8. The breach disrupted a range of county services, delayed payments to vendors and prevented access to county emails.
Donoghue said he was told Monday by attorneys representing the Suffolk Association of Municipal Employees, the county’s largest union, that neither Bloom nor Cordiale would appear. Donoghue said he had previously interviewed the two men privately, but declined to disclose what they said or what questions the committee would ask them.
“They have relevant evidence to the committee’s mission here to determine the causes and the factors that led up to the cyber breach,” he said during the meeting.
The panel voted 5-0 in executive session to authorize Donoghue to seek a judicial order to enforce the subpoenas, according to Legis. Anthony Piccirillo (R-Holtsville), chairman of the committee. Donoghue said he hopes the staffers will comply before he seeks judicial intervention.
Reached by phone Tuesday, a man who identified himself as Bloom said he thought his appearance was optional, but would publicly speak if a judge ordered him to do so.
"I'm not happy about this entire situation,” he said.
Cordiale could not be reached for comment. A spokesman for the AME declined to comment.
Newsday previously reported that the committee is investigating why county IT employees and officials signed nondisclosure agreements in the aftermath of the ransomware attack, whether they were legal and if they were used to review private employee emails.
Suffolk County Executive Steve Bellone has said a dozen employees signed NDAs because “the Incident Response Team needed enhanced access to information they previously did not have access to.”
On Tuesday, a Bellone spokeswoman said one of the two men subpoenaed to testify signed an agreement "not to disclose, release or copy, any confidential information in accordance with county code of ethics." She did not specify which employee, and Bloom said he did not remember if he signed an agreement.
The meeting continued a longstanding debate over who in the county was responsible for the breach and the response to it. Bellone's administration has traded blame with the county clerk's office, where the breach was discovered.
While Bellone has said the county's IT department “had no ability to monitor the clerk IT environment," Bruno testified that the department “always had some form of visibility” into the clerk domain. The department was given full access in September 2021 after a worker was charged with running an illegal cryptocurrency mining operation out of the department, Bruno said.
A county spokeswoman countered that only two IT employees were given access and it was for a "specific, limited purpose."
She said the clerk's office "failed for more than six months" to address a vulnerability known a "log4j" that reportedly allowed the hackers to gain access to the system.
Bruno said the clerk's office "got pretty much into a good place" while patching the system to fix the issue.
"There were a few standout servers and devices that were not remediated" at the time of the hack, he told the committee.
Donoghue said the committee has obtained 34,000 documents from the county executive’s office and that it has hired cyber investigators to probe the forensics of how the attackers gained access.
He said they will conduct four or five additional interviews and likely craft a forensic report as well as a report summarizing what they learned and what should be done to prevent a future attack.
The next meeting is tentatively scheduled for Aug. 23.
Two Suffolk employees subpoenaed to testify at the county's Cyber Attack Investigation Committee meeting Tuesday were no-shows, prompting the panel to consider seeking a judge's order for their public testimony.
The employees, Jack Bloom and Vincent Cordiale, work in the county's IT department and were served subpoenas last week, according to the panel’s special counsel, Richard Donoghue. A third employee, Jason Bruno, who works for the county clerk’s IT department, spoke voluntarily at the meeting.
The six-member legislative committee has been working since May to probe the origins of the hack, discovered Sept. 8. The breach disrupted a range of county services, delayed payments to vendors and prevented access to county emails.
Donoghue said he was told Monday by attorneys representing the Suffolk Association of Municipal Employees, the county’s largest union, that neither Bloom nor Cordiale would appear. Donoghue said he had previously interviewed the two men privately, but declined to disclose what they said or what questions the committee would ask them.
“They have relevant evidence to the committee’s mission here to determine the causes and the factors that led up to the cyber breach,” he said during the meeting.
The panel voted 5-0 in executive session to authorize Donoghue to seek a judicial order to enforce the subpoenas, according to Legis. Anthony Piccirillo (R-Holtsville), chairman of the committee. Donoghue said he hopes the staffers will comply before he seeks judicial intervention.
Reached by phone Tuesday, a man who identified himself as Bloom said he thought his appearance was optional, but would publicly speak if a judge ordered him to do so.
"I'm not happy about this entire situation,” he said.
Cordiale could not be reached for comment. A spokesman for the AME declined to comment.
Newsday previously reported that the committee is investigating why county IT employees and officials signed nondisclosure agreements in the aftermath of the ransomware attack, whether they were legal and if they were used to review private employee emails.
Suffolk County Executive Steve Bellone has said a dozen employees signed NDAs because “the Incident Response Team needed enhanced access to information they previously did not have access to.”
On Tuesday, a Bellone spokeswoman said one of the two men subpoenaed to testify signed an agreement "not to disclose, release or copy, any confidential information in accordance with county code of ethics." She did not specify which employee, and Bloom said he did not remember if he signed an agreement.
The meeting continued a longstanding debate over who in the county was responsible for the breach and the response to it. Bellone's administration has traded blame with the county clerk's office, where the breach was discovered.
While Bellone has said the county's IT department “had no ability to monitor the clerk IT environment," Bruno testified that the department “always had some form of visibility” into the clerk domain. The department was given full access in September 2021 after a worker was charged with running an illegal cryptocurrency mining operation out of the department, Bruno said.
A county spokeswoman countered that only two IT employees were given access and it was for a "specific, limited purpose."
She said the clerk's office "failed for more than six months" to address a vulnerability known a "log4j" that reportedly allowed the hackers to gain access to the system.
Bruno said the clerk's office "got pretty much into a good place" while patching the system to fix the issue.
"There were a few standout servers and devices that were not remediated" at the time of the hack, he told the committee.
Donoghue said the committee has obtained 34,000 documents from the county executive’s office and that it has hired cyber investigators to probe the forensics of how the attackers gained access.
He said they will conduct four or five additional interviews and likely craft a forensic report as well as a report summarizing what they learned and what should be done to prevent a future attack.
The next meeting is tentatively scheduled for Aug. 23.