Suffolk County To Start Restoring Online Services After Cyberattack

The clerk's office is now clean; 15 of the county's websites will be back online.

Suffolk County Executive was joined Friday in Hauppauge by officials, including County Clerk Vincent Puleo and Dep. County Executive Lisa Black, as he announced the county's online services would go back online that afternoon. (Suffolk County)

HAUPPAUGE, NY — The Suffolk clerk's office has been given the all-clear, and the county's main website, along with 15 other websites and more online services, was expected to be back up on Friday after over five months in the virtual dark due to the cyberattack in September, County Executive Steve Bellone said.

Hackers breached the Suffolk clerk's office in 2021 and went undetected for about seven months before they accessed the county's main servers on Sept. 8, 2022, prompting officials to shut down all online services.

The bulk of the county's departments were given a clean bill of cyber health in October, but not the clerk's, which had a decentralized Internet Technology department that was separate from the county's.

Bellone previously said that had key security features been implemented, and information not withheld, the cyberattack could have been thwarted.

The clerk's office's previous IT director Peter Schlussler was placed on paid leave in December. He has denied any wrongdoing, according to published reports.

"The clerk's office has been deemed clean and we are able to start to restore online services beginning with the county website later today," Bellone announced at a news conference in Hauppauge on Friday.

Staffers from the county's Internet Technology department and the clerk's office made "significant progress," starting with rescanning all endpoints in the clerk's IT environment, Bellone said, adding that computers in Westhampton were scanned for the first time since the attack and duplicative tools were removed to provide unified security on endpoints.

The county's IT identified "significant issues in every major system" in the clerk's IT environment and its firewall system was running on an outdated version of software that had known published vulnerabilities, Bellone said.

The clerk's office was paying a vendor $25,000 a year for firewall maintenance and support that was never used to install the necessary updates and it was maintaining logs for only seven hours, according to Bellone.

Access to the clerk-maintained firewalls and their corresponding security alerts was never shared by the office, which had a separate IT department, with the county's central IT department, though the system did share other firewall alerts directly with the former clerk IT director, Bellone said.

Working together with a team from County Clerk Vincent Puleo's office, the county's IT staffers replaced the clerk's office's firewall with the latest firewall protection with threat protections featuring "improved functionality with real-time, centralized monitoring and notification," according to Bellone.

"The replaced firewall now follows best practices for log retention, where logs will be maintained for months, not seven hours," he said, adding that "all firewall security alerts are now centrally-monitored at county IT where security administrators can investigate and identify the source and type of threats to the entire network."

The clerk's title search software system, which hadn't been updated in a decade, as well as the database management system, which hadn't been updated in up to two decades, and a phone system that was segregated from the rest of the county with no clear benefit or justification, were also updated, according to Bellone.

One of the "disturbing findings" in the clerk's IT environment was that a tape of backups for some of the clerk servers, which should have been stored by the former clerk IT director in a secure location, was "instead located in the basement of a private home," Bellone said.

He did not identify where the home is located or to whom it belongs.

Bellone confirmed that the clerk's office's Iron Key folder, which was compromised and deleted after the cyberattack, contained the passwords and usernames for top administrators in the clerk's office.

He did not indicate how this could have occurred.

All users in the clerk's office will now have access to email, and for the first time since the start of the intrusion, the clerk's office can connect to other domains, in addition to the main county website and 15 other county-managed websites.

Other websites, including Suffolk Transit, Join SCPD, Reclaim our water, and the Suffolk Land Bank, will also be available. Other online services include Civil Service applications, title search, and eligibility list, as well as Medicare and Workers' Compensation direct deposit, and purchasing contract search.

The Department of Labor's online job board, the parks department's online reservation system, including camping and golf reservations, as well as traffic ticket services, like paying violations online, and the online police system are also expected to be back up by the end of the week.

Other applications, such as Certificates of Residence, Request for Proposal announcement contract systems, Consumer Affairs online payments, permit payments, Suffolk's Bravest, and the Geographic Information Mapping Systems portal, are also expected to go live by the end of next week.

"We're taking the same approach that we've used since the start of this emergency — a rolling restoration," Bellone said. "Importantly, by taking a measured and phased approach in this stage, we are still able to restore online function in a safe and secure manner."

Puleo thanked staffers for getting the county clerk's office back to where it belongs, and "giving the public the opportunity to be able to interface with us on an internet basis."

"So, with that going forward, we will do everything we can in the clerk's office to cooperate and get things to where they belong and keep the protection so that the whole county is protected and from future attacks," he said.

Bellone said he "refused to point fingers because it is counterproductive" and during an emergency, "irresponsible."

He refused to comment "on any aspect of the forensic examination until we had definitive findings."

Patch has reached out to Suffolk District Attorney Ray Tierney's office for comment.
