The Suffolk County Legislature convened a crucial cybersecurity meeting, grappling with the aftermath of the 2022 ransomware attack that targeted the county’s systems. At the center of the discussion was testimony from Lisa Black, the former Chief Deputy County Executive, whose account of the events during the cyber-attack raised eyebrows and frustrations among lawmakers.
The meeting, held in Riverhead, sought to shed light on the details surrounding the ransomware attack that crippled Suffolk County’s operations for several weeks in 2022. Lisa Black, a key figure during the crisis, appeared before the legislature and testified for nearly three-and-a-half hours.
“We did a lot of very important work together and we can take pride in the fact that ultimately this event impacted less than 2% of county systems, all backups are retained or restored, or rebuilt, and this county did not pay a ransom to criminal actors,” said Black in Riverhead last week.
The attack is known for taking multiple county systems and websites offline for months, as well as exposing the personal information of over 400,000 people. Black and former members of the previous administration continue to maintain that the compromising hack came from a specific type of vulnerability that originated in the County Clerk’s Office.
However, tensions quickly escalated as Black appeared hesitant and occasionally evasive in her responses, citing advice from her legal counsel. At times, she outright refused to answer certain questions, citing ongoing DA investigations and stating that she could not recall specific details.
Legislators expressed frustration over what they perceived as a lack of transparency and accountability in Black’s testimony. They pressed for clarity on critical issues such as the timeline of the attack, the extent of data compromised, and the effectiveness of the county’s cybersecurity measures at the time and ongoing.
Cyber Security Committee Chairman, Legislator Anthony Piccirillo (R-Holtsville) questioned Black on why there was no appointment of a Chief Information Security Officer prior to and immediately follow the attacks. He asked how long it was between the FBI tip that Suffolk County’s systems were vulnerable and the September 2022 malware attack as well as why when leaving office, she “scrubbed” her computer of all data. She stated the timeline of the FBI tip to malware attack was a few months prior and refused to answer any questions regarding the computer deletions after conferring with her counsel.
The questions are in line with an ongoing investigation by Suffolk County District Attorney Ray Tierney (R) into allegations that members of former Executive Steve Bellone’s (D-West Babylon) administration improperly destroyed and/or removed county data after they left office last year.
Piccirillo asked that the “record reflect” Black’s refusal to answer questions.
Black’s attorney, David Kelley, spoke on her behalf regarding the questions of document mishandling and removal.
“It’s a subject, reportedly, from a district attorney’s investigation and they can pursue it and contact her if they wish,” said Kelley.
During her testimony, Lisa Black acknowledged the severity of the ransomware attack but maintained that she followed protocols and directives provided by legal advisors and cybersecurity experts. She emphasized the complexity of managing such a crisis and defended her actions during the chaotic aftermath.
Additional questioning included any retaliation against whistleblowers within the administration, recruitment and retention issues including department requests for additional personnel, and any directives given to limit the size of the county’s workforce. Legislator Rob Trotta (R-Fort Salonga) (pictured above) questioned the FBI call further, asking why this was not escalated to her level and she was not made aware of it. She stated she was not upset that she was not made aware of the call by those who reported to her directly.
Despite Black’s explanations, legislators present at the meeting emphasized the importance of accountability and transparency in handling cyber threats. They underscored the need for robust cybersecurity protocols, preparedness, regular audits, the need for additional personnel, and comprehensive training to strengthen Suffolk County’s defenses against future attacks.
Moving forward, the Suffolk County Legislature pledged to conduct a thorough review of the testimony and evidence presented during the cybersecurity meeting. They are committed to identifying areas for improvement in cybersecurity policies and procedures to safeguard county systems and sensitive data.
As the meeting concluded, legislators reiterated their commitment to holding accountable those responsible for safeguarding Suffolk County’s digital infrastructure. They vowed to continue pursuing answers and implementing necessary reforms to prevent future cyber incidents and protect the interests of county residents and stakeholders.
The Suffolk County Legislature’s cybersecurity meeting underscored the critical importance of transparency, accountability, and proactive measures in safeguarding against cyber threats. As Suffolk County continues to recover from the 2022 ransomware attack, efforts to strengthen cybersecurity defenses remain a top priority for local officials and cybersecurity experts alike.
