Suffolk County Executive Steve Bellone is calling for disciplinary charges to be filed against a information technology administrator who failed to stop a cyberattack that downed the county computer network for nearly six months.
Bellone recently sent to the Suffolk County Legislature a written request that Pete Schlussler, the former IT administrator for the county clerk’s office, be charged with misconduct and incompetence with a punishment of termination.
“I urge the legislature to take action because accountability is the only way that such conduct will effectively be prevented in the future,” Bellone wrote to legislative leaders in a Dec.13 letter obtained by the Press.
Schlussler, who makes $164,636 annually, has been on paid administrative leave since three months after the Sept. 8, 2022 cyberattack that multiple reports have found originated in the clerk’s segregated IT network that hackers used to access other county networks. The former IT head argues that he first alerted the county to the attack.
As the Press has reported, an investigation of the cyberattack concluded that cyber criminals entered the county’s online system through the former county clerk’s IT environment in December 2021. About eight months later, the hackers found credentials that gave them access to the larger county IT environment, and the cyberattack occurred about two weeks later. The hackers, known as BlackCat, demanded $2.5 million in ransom to give the county back access to its networks. The county refused to pay the ransom.
As the Press exclusively reported, Schlussler did not alert county officials that the computer network in the clerk’s office was responding to a “radical malware attack” until eight hours after he was alerted, according to a Center for Internet Security (CIS) report. The hackers gained access to the clerk’s office network through a computer program security flaw known as a “Log4J vulnerability” and partly as a result of technical vulnerabilities introduced by Christopher Naples, Schlussler’s former deputy, who was arrested in 2021 for allegedly installing hidden computers in the Riverhead-based clerk’s office in a scheme to mine bitcoin — the process in which cryptocurrency transactions recorded — without Schlussler noticing, officials have said. Schlussler could not be reached for comment.
Since the attack, the county Department of Information Technology (DoIT) has managed the Clerk’s IT network, did a full assessment, and developed a remediation plan for the clerk’s network, such as implementing systems upgrades that had been neglected by Schlussler for years and even decades, Bellone wrote in his letter.
“In the wake of the cyberattack, DoIT has also been able to advance cybersecurity in the county in ways that would have been inconceivable prior to September 8th because of the strong culture of IT segregation in Suffolk,” Bellone’s letter added. “Now it is our responsibility to end this segregated environment once and for all when it comes to the security of the county network. I urge the legislature to adopt the common sense security legislation presently under consideration that would ensure that there is a standard cybersecurity policy across the entire network enforced by trained cybersecurity professionals.”
Among the reforms Bellone is urging is empowering a Chief Information Security Officer to enforce the county’s security policy across the network, compel a county office to remediate vulnerabilities, require participation in a Countywide Security Operations Center, and require that passwords be protected.
“Never again can the county allow one department to put the network at risk,” the letter stated.
Neither Suffolk County Legislative Presiding Officer Kevin McCaffrey (R-Lindenhurst), who oversees the legislature’s cyberattack task force investigating the incident, nor incoming Suffolk County Executive Ed Romaine — the Republican elected last month to replace term-limited Democrat Bellone — had a comment on the letter.
Democratic Minority Leader Jason Richberg (D-Wyandanch) welcomed the news that Bellone on Dec. 15 lifted the state of emergency enacted after the cyberattack.
Richberg said, “It has been a long, arduous process but our task force has made some important progress and I’m confident that we are heading in the right direction.”
