Richard Donoghue, special counsel for the Suffolk County Legislature's Cyber Attack...

Richard Donoghue, special counsel for the Suffolk County Legislature's Cyber Attack Investigation Committee. Credit: Howard Schnapp

The Suffolk County Legislature’s Cyber Attack Investigation Committee voted Monday to issue subpoenas for four county employees to be questioned after they declined previous requests for interviews, committee members said.

Their names and departments were not revealed, though they all are involved with information technology functions, according to the committee’s special counsel, former U.S. Attorney for the Eastern District of New York Richard Donoghue.

“We had contact with a number of county employees who have relevant information,” Donoghue said after the meeting. “They indicated either directly or through their counsel that they did not want to submit to voluntary interviews.”

The six-member bipartisan committee, led by Legis. Anthony Piccirillo (R-Holbrook), voted unanimously on the subpoenas at its meeting in Hauppauge Monday. The panel could meet for several more months and is expected to finish with a report on the source of the Sept. 8 attack and the circumstances that led to it.

Hackers gained access to the computer system by exploiting a vulnerability in the county clerk’s domain about nine months prior to the attack, according to a report crafted by digital forensic firm Unit 42, whose parent company Palo Alto Networks provided the county’s firewall.

Legislators in November granted subpoena power to the committee, along with power to administer oaths and affirmations and compel the production of related books, papers and witnesses.

Last week, Donoghue said the committee had obtained 20,000 documents and interviewed nine witnesses who spoke voluntarily.

He said initial interviews with subpoenaed witness will not be public, although the committee could move on to public testimony later.

Dan Levler, president of the Association of Municipal Employees, the county’s largest union, said it would “ensure their [members’] rights are fully protected if and when they receive a subpoena to testify.”

Donoghue said the committee has also requested to speak with officials in County Executive Steve Bellone’s administration.

The attack forced the county to take its website and other web-based applications down until February. The hackers initially demanded a $2.5 million ransom, but the county didn't pay it, Bellone has said.

A handful of online services, including property title searches and sewer bill payments, remain offline.

Donoghue last week said the county did not have a cyber breach recovery plan in place at the time of the attack, which likely contributed to the length of recovery. Bellone last week announced hiring Kenneth Brancik as the county’s first chief information security officer, who will be tasked with creating a recovery plan for potential future attacks.

The committee has not set a date for its next meeting.

SUBSCRIBE

Unlimited Digital AccessOnly 25¢for 6 months

ACT NOWSALE ENDS SOON | CANCEL ANYTIME