Suffolk officials seek report by clerk IT director in cyberattack probe

Suffolk officials are calling for the cyberattack investigation committee to hand over a report by the county clerk's IT director.

Rachel Yonkunas

Sep 15, 2023, 9:43 PM

Updated 416 days ago

Share:

Suffolk County leaders want the cyberattack investigation committee to hand over a report by the county clerk's IT director.
Peter Schlussler submitted a 157-page report to the special legislative committee earlier this year. The report details his account of the massive cyber breach on county government systems in September 2022.
During his testimony before the committee back in June, Schlussler said his report outlines "numerous and repeated failings" by county IT leadership.
"This, in my opinion, will clearly demonstrate that the ransomware encryption attack unequivocally could and should have been prevented had appropriate actions been taken by the Suffolk County Department of Information Technology leadership and my insistent warnings been heeded," Schlusser told committee members.
Committee members cited Schlussler's report during his questioning at one of their hearings. However, it has not been made public.
Much of Schlusser's testimony about the cyberattack contradicted a forensic analysis by Palo Alto, which provided the firewall for the county's cyberattack defense. The county asserts that the cyberattack was a "direct result of repeated failures" by the clerk's office in maintaining its segregated IT environment.
Schlussler has been on paid administrative leave since December. County officials said he did not implement critical security upgrades, ignored red flags of a cyberthreat and obstructed access to their systems after the Sept. 8 cyberattack, which allegedly delayed the restoration and recovery process by months.
Representatives from the county executive's office said they have spent months asking the special committee to publicly release his report so they could review his findings.
"How are you really going to put in place effective measures to ensure that something like this doesn't happen again if you're creating that around a false narrative, like the one that's emerging when it's drawn on Schlussler's testimony and presumably his report that no one can see?" asked David Kelley, outside counsel speaking on behalf of Suffolk County. "It's important, we think, that they release this report so it can be subjected to public scrutiny so people can really see what's going on."
Committee members have reiterated that their public hearings are not over as they still have not heard from members of the administration yet. They said Schlussler's report has not been made public due to attorney-client privileges.
The special legislative committee has been reviewing tens of thousands of documents related to the cyberattack, as well as interviewing county employees during their bimonthly public hearings.